Need help with Sun pam_ldap


What I had to do was compile my own wu-ftpd with the --with-pam configure 
option.
Worked like a charm after that.  Also I am using the following in pam.conf:

     ftpd     auth sufficient         /usr/lib/security/pam_ldap.so.1
     ftpd     auth required           /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
     ftpd     auth required           /usr/lib/security/$ISA/pam_dial_auth.so.1

and use no other entries.   Seems quite different from what you have but it 
works.

mark

At 04:11 PM 8/8/2002 -0400, you wrote:
>Has anyone used the Sun pam_ldap in Solaris 9?
>
>I can't get it to work with their in.ftpd (actually the wu-ftpd
>behind a Sunscreen).
>
>Here's my pam.conf:
>     ftp     auth requisite          pam_authtok_get.so.1 debug
>     ftp     auth required           pam_dhkeys.so.1 debug
>     ftp     auth required           pam_ldap.so.1 debug
>     ftp     account requisite       pam_roles.so.1
>     ftp     account required        pam_projects.so.1
>     ftp     account required        pam_ldap.so.1
>     ftp     session required        pam_ldap.so.1
>     ftp     password required       pam_dhkeys.so.1
>     ftp     password requisite      pam_authtok_get.so.1
>     ftp     password requisite      pam_authtok_check.so.1
>     ftp     password required       pam_authtok_store.so.1
>
>(I copied the "other" and replaced the pam_unix*.so with pam_ldap).
>
>Here's my ldap entry (don't worry, nothing secret -- test entry):
>     dn: uid=gary,ou=People,dc=support,dc=Ulticom,dc=com
>     loginShell: /bin/ksh
>     sn: Algier
>     objectClass: top
>     objectClass: person
>     objectClass: organizationalPerson
>     objectClass: inetOrgPerson
>     objectClass: posixaccount
>     cn: Gary Algier
>     givenName: Gary
>     uid: gary
>     ou: Information Technologies
>     uidNumber: 402
>     gidNumber: 1102
>     gecos: Gary Algier
>     homeDirectory: /private/gary
>     l: Mt. Laurel
>     roomNumber: 1020 K-8
>     userPassword:: e2NyeXB0fWUxcE9aY1l6WjkvdS4=
>
>My syslog shows (after adding debug as a severity):
>Aug  8 15:37:05 eye ftpd[1449]: [ID 745051 auth.debug] PAM[1449]: 
>pam_authenticate(5e698, 1): error No account present for user
>
>I even wrote a simple "pamtest" executable and got:
>% ./pamtest ftp gary howell
>pamtest: pam error: No account present for user
>
>What does it mean "No account"?
>
>The regular mechanisms for defining users seem to be working ok as
>the logins program finds me:
>
>% logins -xol gary
>gary:402::1102:Gary Algier:/private/gary:/bin/ksh:LK:010170:0:0:0
>
>I have successfully used the pam_ldap_ntlm module with Solaris 8, but
>I have a Solaris 9 system that I need to use the vendor supplied tools.
>
>Can anyone shed some light?
>
>
>--
>Gary Algier, WB2FWZ          gaa at ulticom.com             +1 856 787 2758
>Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054      Fax:+1 856 866 2033
>
>
>
>_______________________________________________
>
>Pam-list@redhat.com
>https://listman.redhat.com/mailman/listinfo/pam-list
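
Added example, not part of the original messages: a simplified Python model of how PAM control flags (`sufficient`, `required`, `requisite`) combine, run against the `ftpd` auth stack from the reply. The function names and the per-module success/failure inputs are constructed for illustration; it shows that a successful `pam_ldap` under `sufficient` ends the stack before `pam_unix` and `pam_dial_auth` run.

```python
# Added illustration: simplified model of PAM control-flag evaluation.
# Stack copied from the reply's pam.conf; everything else is constructed.
PAM_CONF = """\
ftpd auth sufficient /usr/lib/security/pam_ldap.so.1
ftpd auth required   /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
ftpd auth required   /usr/lib/security/$ISA/pam_dial_auth.so.1
"""

def parse_pam_conf(text, service, module_type):
    """Return [(control_flag, module_file, options)] for one service and type."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:                   # e.g. an option wrapped onto its own line
            raise ValueError(f"malformed pam.conf entry: {raw!r}")
        svc, mtype, control, path, *opts = fields
        if svc == service and mtype == module_type:
            stack.append((control, path.rsplit("/", 1)[-1], opts))
    return stack

def evaluate(stack, results):
    """results: module_file -> True (success) or False (failure).
    Returns (granted, modules_run)."""
    required_failed = False
    required_passed = False
    ran = []
    for control, module, _opts in stack:
        ok = results[module]
        ran.append(module)
        if control == "requisite" and not ok:
            return False, ran                 # fail immediately
        if control in ("required", "requisite"):
            required_failed |= not ok
            required_passed |= ok
        elif control == "sufficient" and ok and not required_failed:
            return True, ran                  # succeed immediately, skip the rest
        # a failed "sufficient" or any "optional" result is not decisive
    return (required_passed and not required_failed), ran

if __name__ == "__main__":
    stack = parse_pam_conf(PAM_CONF, "ftpd", "auth")
    for ldap_ok in (True, False):
        outcome = evaluate(stack, {"pam_ldap.so.1": ldap_ok,
                                   "pam_unix.so.1": True,
                                   "pam_dial_auth.so.1": True})
        print("ldap ok" if ldap_ok else "ldap fails", "->", outcome)
```

The parser rejects an entry whose option has been wrapped onto a line of its own, which is worth checking when copying pam.conf lines out of e-mail.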





