[Bug 740] Sun's pam_ldap account management is not working
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Oct 10 08:34:27 EST 2003
http://bugzilla.mindrot.org/show_bug.cgi?id=740
Summary: Sun's pam_ldap account management is not working
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: solovam at louisville.stortek.com
Tested on Solaris 8/9 with the latest pam_ldap from Sun.
When PAM account management functions are enabled with something like:
===
other account required pam_ldap.so.1
===
in pam.conf no logins are possible.
Below is the pertaining section of the sshd run output with -ddd option:
===
debug3: monitor_read: checking request 52
debug3: mm_answer_pam_free_ctx
debug3: mm_request_send entering: type 53
debug3: mm_do_pam_account entering
debug3: mm_request_send entering: type 44
debug3: mm_request_receive_expect entering: type 45
debug3: mm_request_receive entering
debug2: monitor_read: 52 used once, disabling now
debug3: mm_request_receive_expect entering: type 44
debug3: mm_request_receive entering
debug3: do_pam_account: pam_acct_mgmt = 9
debug3: mm_request_send entering: type 45
debug3: mm_do_pam_account returning 0
===
pam_acct_mgmt returns 9 (PAM_AUTH_ERR) even though the account is valid (not
expired, etc).
The same box works fine with the native Solaris 9 sshd, telnetd and other
services, so the account management DOES work and there is NO configuration
problems.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list