RSS feed

Re: pam_authz_search being ignored

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: pam_authz_search being ignored

On Tue, 2019-10-29 at 16:21 +0000, CHOUDARY, ANIRUDH (Ext) wrote:
> We have two applications running in docker containers that are using
> the same set of configurations for nslcd.conf and pam.d files.
> When one application (Rstudio) uses the nslcd for authentication, the
> pam_authz_search kicks in.
> However, when the other application (shiny) uses the nslcd for
> authentication the pam_authz_search filter is ignored.

Hi Anirudh,

In a PAM stack there is an authentication (auth) and authorisation
(account) phase. It seems the second application is not doing the
authorisation part (pam_authz_search is only used on the authorisation

It should be possible to debug this by appending the debug option to
the pam_ldap line in your PAM configuration files. These log messages
generally end up in your auth log (/var/log/auth.log or

In fact, a lot of PAM modules accept the debug option which can help in
tracking down how your PAM stack (and application) operate.

Hope this helps,

-- arthur - - --