Conflict between LDAP and Privilege Separation?
Tim Rice
tim at multitalents.net
Thu Sep 1 03:32:11 EST 2005
On Tue, 30 Aug 2005, Lets Go Canes wrote:
> Hi all.
>
> --- Tim Rice <tim at multitalents.net> wrote:
>
> > Looks like a PAM configuration problem.
> >
> > What does your /etc/pam.conf look like?
>
> As far as I am aware, it is the Solaris default:
>
OK, there are no ssh entries so basically it's the "other" entries.
>
> other auth required /usr/lib/security/$ISA/pam_unix.so.1
> other account requisite /usr/lib/security/$ISA/pam_roles.so.1
> other account required /usr/lib/security/$ISA/pam_projects.so.1
> other account required /usr/lib/security/$ISA/pam_unix.so.1
> other session required /usr/lib/security/$ISA/pam_unix.so.1
> other password required /usr/lib/security/$ISA/pam_unix.so.1
Your previous post said:
> I am also seeing in /var/adm/messages:
>
> Aug 29 16:47:55 ssh-host sshd[26773]: [ID 776383 auth.error]
> open_module: stat(/lib/security/pam_limits.so) failed: No such file or
> directory
> Aug 29 16:47:55 ssh-host sshd[26773]: [ID 487707 auth.error]
> load_modules: can not open module /lib/security/pam_limits.so
> Aug 29 16:47:55 ssh-host sshd[26773]: [ID 800047 auth.error] error:
> PAM: pam_open_session(): Dlopen failure
> Aug 29 16:47:55 ssh-host sshd[26773]: [ID 776383 auth.error]
> open_module: stat(/lib/security/pam_nologin.so) failed: No such file or
> directory
> Aug 29 16:47:55 ssh-host sshd[26773]: [ID 487707 auth.error]
> load_modules: can not open module /lib/security/pam_nologin.so
None of those (missing) modules are even listed in your pam.conf.
Did you build your own PAM stack that uses a different configuration file?
Try running truss(1) on sshd and see what config file it opens.
--
Tim Rice Multitalents (707) 887-1469
tim at multitalents.net
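
The cross-check made in the message above, as an added example (not part of the original post and not OpenSSH code): it compares the modules named in PAM load-failure log lines against the modules a pam.conf actually lists, so leftovers point to a different configuration source. The sample input is constructed from the excerpts quoted in the thread with the wrapped log lines joined; the service name `sshd` and the function names are assumptions.

```python
import re

# Constructed sample input: the pam.conf entries and (unwrapped) syslog lines quoted in this thread.
PAM_CONF = """\
other auth required /usr/lib/security/$ISA/pam_unix.so.1
other account requisite /usr/lib/security/$ISA/pam_roles.so.1
other account required /usr/lib/security/$ISA/pam_projects.so.1
other account required /usr/lib/security/$ISA/pam_unix.so.1
other session required /usr/lib/security/$ISA/pam_unix.so.1
other password required /usr/lib/security/$ISA/pam_unix.so.1
"""
SYSLOG = """\
Aug 29 16:47:55 ssh-host sshd[26773]: [ID 776383 auth.error] open_module: stat(/lib/security/pam_limits.so) failed: No such file or directory
Aug 29 16:47:55 ssh-host sshd[26773]: [ID 487707 auth.error] load_modules: can not open module /lib/security/pam_limits.so
Aug 29 16:47:55 ssh-host sshd[26773]: [ID 776383 auth.error] open_module: stat(/lib/security/pam_nologin.so) failed: No such file or directory
Aug 29 16:47:55 ssh-host sshd[26773]: [ID 487707 auth.error] load_modules: can not open module /lib/security/pam_nologin.so
"""

# Matches the two failure messages seen in the quoted /var/adm/messages excerpt.
LOAD_FAILURE = re.compile(r"stat\(([^)\s]+)\) failed|can not open module (\S+)")

def module_name(path):
    """Reduce a module path to its file name without a trailing .N version."""
    return re.sub(r"\.\d+$", "", path.rsplit("/", 1)[-1])

def configured_modules(conf_text, service):
    """Module names pam.conf lists for `service`, falling back to "other".

    Simplification: the fallback is applied per service, not per module type.
    """
    by_service = {}
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        # Fields: service, module type, control flag, module path, [options]
        if len(fields) >= 4:
            by_service.setdefault(fields[0].lower(), set()).add(module_name(fields[3]))
    return by_service.get(service) or by_service.get("other", set())

def modules_not_in_config(conf_text, log_text, service="sshd"):
    """Paths PAM failed to load that the inspected pam.conf never names."""
    known = configured_modules(conf_text, service)  # "sshd" is an assumed service name
    failed = {m.group(1) or m.group(2) for m in LOAD_FAILURE.finditer(log_text)}
    return sorted(p for p in failed if module_name(p) not in known)

if __name__ == "__main__":
    for path in modules_not_in_config(PAM_CONF, SYSLOG):
        print(f"{path}: requested by PAM but absent from this pam.conf")
```

Any path it reports was requested by some PAM configuration other than the file inspected, which is the situation the truss(1) suggestion is meant to confirm.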
More information about the openssh-unix-dev
mailing list