Conflict between LDAP and Privilege Separation?

Lets Go Canes letsgonhlcanes at yahoo.com
Wed Aug 31 00:09:50 EST 2005 

Hi all.

--- Tim Rice <tim at multitalents.net> wrote:

> Looks like a PAM configuration problem.
> 
> What does your /etc/pam.conf look like?

As far as I am aware, it is the Solaris default:

#
#ident  "@(#)pam.conf   1.16    01/01/24 SMI"
#
# Copyright (c) 1996-2000 by Sun Microsystems, Inc.
# All rights reserved.
#
# PAM configuration
#
# Authentication management
#
login   auth required   /usr/lib/security/$ISA/pam_unix.so.1
login   auth required   /usr/lib/security/$ISA/pam_dial_auth.so.1
#
rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin  auth required   /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin auth required   /usr/lib/security/$ISA/pam_unix.so.1
#
rsh     auth required   /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other   auth required   /usr/lib/security/$ISA/pam_unix.so.1
#
# Account management
#
login   account requisite       /usr/lib/security/$ISA/pam_roles.so.1
login   account required       
/usr/lib/security/$ISA/pam_projects.so.1
login   account required        /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin account requisite       /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required       
/usr/lib/security/$ISA/pam_projects.so.1
dtlogin account required        /usr/lib/security/$ISA/pam_unix.so.1
#
other   account requisite       /usr/lib/security/$ISA/pam_roles.so.1
other   account required       
/usr/lib/security/$ISA/pam_projects.so.1
other   account required        /usr/lib/security/$ISA/pam_unix.so.1
#
# Session management
#
other   session required        /usr/lib/security/$ISA/pam_unix.so.1
#
# Password management
#
other   password required       /usr/lib/security/$ISA/pam_unix.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional   /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#login  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#dtlogin        auth optional   /usr/lib/security/$ISA/pam_krb5.so.1
try_first_p
ass
#other  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#dtlogin        account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other  account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other  session optional /usr/lib/security/$ISA/pam_krb5.so.1
#other  password optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#
# Support for Solaris PPP (sppp)
ppp     auth    required        /usr/lib/security/$ISA/pam_unix.so.1
ppp     auth    required       
/usr/lib/security/$ISA/pam_dial_auth.so.1
ppp     account requisite       /usr/lib/security/$ISA/pam_roles.so.1
ppp     account required       
/usr/lib/security/$ISA/pam_projects.so.1
ppp     account required        /usr/lib/security/$ISA/pam_unix.so.1
ppp     session required        /usr/lib/security/$ISA/pam_unix.so.1


--------------
Lets Go Canes!

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

More information about the openssh-unix-dev mailing list