Subject: Re: pam+ldap
To: None <netbsd-help@netbsd.org>
From: Christos Zoulas <christos@tac.gw.com>
List: netbsd-help
Date: 05/29/2005 13:54:32
In article <200505291327.22871.th.lacoste@wanadoo.fr>,
Thierry Lacoste  <th.lacoste@wanadoo.fr> wrote:

>$ cat /etc/pam.d/su
># $NetBSD: su,v 1.6 2005/04/05 18:23:36 christos Exp $
>#
># PAM configuration for the "su" service
>#
>
># auth
>auth            sufficient      pam_rootok.so           no_warn
>auth            sufficient      pam_self.so             no_warn
>auth            sufficient      pam_ksu.so              no_warn try_first_pass
>#auth           sufficient      pam_group.so            no_warn group=rootauth root_only authenticate
>auth            requisite       pam_group.so            no_warn group=wheel root_only fail_safe

The requisite line fails because guest is not in wheel and thus your
ldap entry does not get executed.

christos

>auth            sufficient /usr/pkg/lib/security/pam_ldap.so
>auth            required        pam_unix.so             no_warn try_first_pass nullok
>
># account
>account         sufficient /usr/pkg/lib/security/pam_ldap.so
>account         required        pam_login_access.so
>account         include         system
>
># session
>session         required        pam_permit.so
>
>But I can't su to the guest account:
>
>$ su - guest
>su: unknown login guest
>
>There's no ldap traffic on my network interface.
>
>What did I miss?
>
>Regards,
>Thierry.
>
>
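
The control-flag behaviour the reply points to, as an added example that is not part of the original thread: a simplified Python model of how a PAM auth chain is walked, run over the active auth lines of the quoted /etc/pam.d/su. The per-module outcomes are assumed for illustration (pam_group.so failing as the reply states), and `run_chain` is a hypothetical helper, not a PAM API.

```python
# Added illustration: simplified model of PAM control flags
# (required / requisite / sufficient). Not code from the thread.

# Active auth lines from the quoted /etc/pam.d/su, in file order.
# Module names are shortened to their basename.
SU_AUTH = [
    ("sufficient", "pam_rootok.so"),
    ("sufficient", "pam_self.so"),
    ("sufficient", "pam_ksu.so"),
    ("requisite",  "pam_group.so"),
    ("sufficient", "pam_ldap.so"),
    ("required",   "pam_unix.so"),
]

def run_chain(chain, outcomes):
    """Walk the chain; return (granted, modules_called)."""
    called = []
    required_failed = False   # a required module has failed earlier
    required_passed = False   # a required/requisite module has succeeded
    for control, module in chain:
        called.append(module)
        ok = outcomes[module]
        if control == "requisite":
            if not ok:
                return False, called      # chain stops here, request denied
            required_passed = True
        elif control == "required":
            if ok:
                required_passed = True
            else:
                required_failed = True    # keep going, but the result is failure
        elif control == "sufficient":
            if ok and not required_failed:
                return True, called       # chain stops here, request granted
            # a failing sufficient module is ignored
    return required_passed and not required_failed, called

# Assumed outcomes for the case in the thread: pam_group.so fails.
# pam_ldap.so is set to succeed to show that it is never consulted.
CASE_THREAD = {
    "pam_rootok.so": False, "pam_self.so": False, "pam_ksu.so": False,
    "pam_group.so": False, "pam_ldap.so": True, "pam_unix.so": False,
}
# Same outcomes, except that pam_group.so succeeds (constructed contrast case).
CASE_GROUP_OK = dict(CASE_THREAD, **{"pam_group.so": True})

if __name__ == "__main__":
    for name, case in (("thread", CASE_THREAD), ("group ok", CASE_GROUP_OK)):
        granted, called = run_chain(SU_AUTH, case)
        print(f"{name}: granted={granted} called={called}")
```
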