slangdaddy n00b
Joined: 17 Jul 2007 Posts: 73 Location: Braunschweig
Posted: Wed Sep 12, 2012 8:47 am Post subject: pam and ldap: root is required to change his passwd
Hello,
I want to be able to log in with my ldap credentials on my workstation and edited my nss and pam configuration according to http://www.gentoo.org/doc/en/ldap-howto.xml .
I can log in with ldap users via ssh and the terminal. When I try to log in with my root account (which should be local), I am prompted to immediately change my ldap password. I am afraid that the ldap authentication is used for my root account. That is not the desired behaviour.
SUDO'ing to root works without the prompt. Now the real problem is the creation of users or groups, i.e. emerging mysql fails while adding the group 'mysql'.
I believe this happens because at some point, pam tries to use ldap data for my root account, but I cannot determine the cause.
Here is my /etc/pam.d/system-auth:
Code:
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass likeauth nullok
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account sufficient pam_ldap.so
account required pam_unix.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
password sufficient pam_unix.so try_first_pass use_authtok nullok md5 shadow
password sufficient pam_ldap.so use_authtok use_first_pass
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
session optional pam_ldap.so

Any help is appreciated.
slangdaddy n00b
Joined: 17 Jul 2007 Posts: 73 Location: Braunschweig
Posted: Wed Sep 12, 2012 10:21 am Post subject:
Never mind, I think the problem is solved by changing the account rules to
Code:
account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
account [success=1 default=ignore] pam_ldap.so
account requisite pam_deny.so
account required pam_permit.so
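
Why the two account stacks in this thread behave differently, as an added example that is not part of the original posts: a simplified Python model of Linux-PAM control flags, run over both stacks. The return codes fed in are assumptions, in particular that pam_ldap.so answers new_authtok_reqd for root, which fits the prompt described but is not stated in the thread.

```python
# Simplified model of Linux-PAM control-flag evaluation (pam.conf(5)); not libpam itself.
KEYWORDS = {  # keyword controls written out in their documented bracket form
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}
# Modules with a fixed answer; pam_deny returns PAM_ACCT_EXPIRED for the account service.
FIXED_ANSWERS = {"pam_permit.so": "success", "pam_deny.so": "acct_expired"}
ORIGINAL = """account sufficient pam_ldap.so
account required pam_unix.so"""
FIXED = """account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
account [success=1 default=ignore] pam_ldap.so
account requisite pam_deny.so
account required pam_permit.so"""

def parse(stack_text):
    """Turn 'account <control> <module> [args]' lines into (actions, module) pairs."""
    rules = []
    for line in stack_text.strip().splitlines():
        _kind, rest = line.split(None, 1)
        if rest.startswith("["):
            ctrl, module = rest[1:].split("]", 1)
            actions = dict(kv.split("=") for kv in ctrl.split())
        else:
            ctrl, module = rest.split(None, 1)
            actions = KEYWORDS[ctrl]
        rules.append((actions, module.split()[0]))
    return rules

def evaluate(stack_text, returns):
    """Walk the stack; `returns` maps module name -> the code it is assumed to return."""
    codes = {**FIXED_ANSWERS, **returns}
    rules, status, failed, i = parse(stack_text), None, False, 0
    while i < len(rules):
        actions, module = rules[i]
        ret = codes[module]
        action = actions.get(ret, actions["default"])
        i += 1
        if action in ("bad", "die"):
            if not failed:                      # first failure fixes the result
                status, failed = ret, True
            if action == "die":
                break
        elif action in ("ok", "done"):
            if not failed and status in (None, "success"):
                status = ret
            if action == "done" and not failed:
                break                           # return to the application at once
        elif action != "ignore":
            i += int(action)                    # integer N: skip the next N modules
    return status or "perm_denied"              # nothing contributed: must fail
```

With the original stack, `sufficient` turns a new_authtok_reqd answer from pam_ldap.so into the final result before pam_unix.so is consulted; in the reordered stack a pam_unix.so success jumps past pam_ldap.so entirely.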