* [Sysadmins] pam_ldap &ssh
@ 2006-08-07 5:54 Anton Gorlov
0 siblings, 0 replies; only message in thread
From: Anton Gorlov @ 2006-08-07 5:54 UTC (permalink / raw)
To: ALT Linux sysadmin discuss
I also needed to let users from LDAP log in over ssh to some servers
(those whose shell != /dev/null).
I edited /etc/pam.d/ssh
[root@gws auth]# cat /etc/pam.d/sshd
#%PAM-1.0
auth required pam_userpass.so
auth sufficient pam_ldap.so use_first_pass
auth required pam_tcb.so shadow fork prefix=$2a$ count=8 nullok nodelay blank_nolog use_first_pass
auth required pam_nologin.so
account include system-auth
password include system-auth
session include system-auth
Everything seems to work... but something in the logs bothers me:
Aug 5 13:28:10 gws sshd[8413]: pam_ldap: error trying to bind as user "uid=user,ou=Users,dc=work,dc=com,dc=ru" (Invalid credentials)
Aug 5 13:28:10 gws sshd[8413]: pam_tcb(sshd:auth): Authentication failed for user from (uid=0)
Aug 5 13:28:13 gws sshd[8414]: Accepted password for user from 192.168.1.184 port 2440 ssh2
Aug 5 13:28:13 gws sshd[8419]: pam_tcb(sshd:session): Session opened for user by (uid=11000)
Why does it first complain about invalid credentials, and then everything is OK?
np: Crematory - Believe - Caroline
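
How the auth lines of the posted stack combine under PAM's `required` and `sufficient` control flags, as an added example that is not part of the original post. The per-module outcomes are constructed, and the names `run_auth_stack` and `outcomes` are hypothetical.

```python
# Added example: simplified model of how libpam walks an auth stack.
# Only the 'required' and 'sufficient' control flags are modelled.
PAM_SUCCESS, PAM_AUTH_ERR = "success", "auth_err"

# The auth lines of /etc/pam.d/sshd from the post (module arguments dropped).
SSHD_AUTH_STACK = [
    ("required", "pam_userpass.so"),
    ("sufficient", "pam_ldap.so"),
    ("required", "pam_tcb.so"),
    ("required", "pam_nologin.so"),
]

def run_auth_stack(stack, module_results):
    """Return (final_result, modules_actually_called).

    module_results maps module name -> constructed per-module outcome.
    """
    required_failed = False
    called = []
    for control, module in stack:
        result = module_results[module]
        called.append(module)
        if control == "required":
            # Failure is remembered, but the rest of the stack still runs.
            if result != PAM_SUCCESS:
                required_failed = True
        elif control == "sufficient":
            # Success ends the stack at once unless a required module
            # already failed; failure of a sufficient module is ignored.
            if result == PAM_SUCCESS and not required_failed:
                return PAM_SUCCESS, called
        else:
            raise ValueError(f"control flag not modelled: {control}")
    return (PAM_AUTH_ERR if required_failed else PAM_SUCCESS), called

def outcomes(ldap, tcb):
    """Constructed outcomes: userpass and nologin succeed, the rest vary."""
    return {"pam_userpass.so": PAM_SUCCESS, "pam_ldap.so": ldap,
            "pam_tcb.so": tcb, "pam_nologin.so": PAM_SUCCESS}

if __name__ == "__main__":
    cases = {"LDAP bind rejected, no local match": (PAM_AUTH_ERR, PAM_AUTH_ERR),
             "LDAP bind accepted": (PAM_SUCCESS, PAM_AUTH_ERR),
             "local account in tcb": (PAM_AUTH_ERR, PAM_SUCCESS)}
    for label, (ldap, tcb) in cases.items():
        result, called = run_auth_stack(SSHD_AUTH_STACK, outcomes(ldap, tcb))
        print(f"{label}: {result}; called {', '.join(called)}")
```

In the LDAP-accepted case the stack returns before pam_tcb.so and pam_nologin.so are called, so the pam_nologin.so line in this auth stack is not evaluated for LDAP-authenticated logins.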