[Bug 740] Sun's pam_ldap account management is not working

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Oct 10 08:34:27 EST 2003


http://bugzilla.mindrot.org/show_bug.cgi?id=740

           Summary: Sun's pam_ldap account management is not working
           Product: Portable OpenSSH
           Version: 3.7.1p1
          Platform: UltraSparc
        OS/Version: Solaris
            Status: NEW
          Severity: major
          Priority: P2
         Component: PAM support
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: solovam at louisville.stortek.com


Tested on Solaris 8/9 with the latest pam_ldap from Sun.

When PAM account management functions are enabled with something like:

===
other   account required        pam_ldap.so.1
===

in pam.conf, no logins are possible.

Below is the pertinent section of the sshd run output with the -ddd option:

===
debug3: monitor_read: checking request 52
debug3: mm_answer_pam_free_ctx
debug3: mm_request_send entering: type 53
debug3: mm_do_pam_account entering
debug3: mm_request_send entering: type 44
debug3: mm_request_receive_expect entering: type 45
debug3: mm_request_receive entering
debug2: monitor_read: 52 used once, disabling now
debug3: mm_request_receive_expect entering: type 44
debug3: mm_request_receive entering
debug3: do_pam_account: pam_acct_mgmt = 9
debug3: mm_request_send entering: type 45
debug3: mm_do_pam_account returning 0
===

pam_acct_mgmt returns 9 (PAM_AUTH_ERR) even though the account is valid (not
expired, etc).

The same box works fine with the native Solaris 9 sshd, telnetd and other
services, so the account management DOES work and there are NO configuration
problems.


