Ok, a couple of differences here:

on the line:
auth sufficient /lib/security/pam_unix.so likeauth nullok debug
does this increase the verbiage from pam_unix.so? I didn't notice any additional data in the /var/log/messages or secure logs.

An order difference in account section, I don't believe that should be significant since the stack matches.

A couple of minor? items in session.

*********************
[root@Webby pam.d]# cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account required /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so

>> You need to look @ system-auth in your pam dir.
>> have a look @ mine
>> auth required /lib/security/pam_env.so
>> auth sufficient /lib/security/pam_unix.so likeauth nullok debug
>> auth sufficient /lib/security/pam_ldap.so use_first_pass
>> auth required /lib/security/pam_deny.so
>> account sufficient /lib/security/pam_ldap.so
>> account required /lib/security/pam_unix.so
>> password required /lib/security/pam_cracklib.so retry=3 type=
>> password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
>> password sufficient /lib/security/pam_ldap.so use_authtok
>> password required /lib/security/pam_deny.so
>> session optional /lib/security/pam_mkhomedir.so
>> session required /lib/security/pam_limits.so
>> session required /lib/security/pam_unix.so
>> session optional /lib/security/pam_ldap.so
>>
>> Alan Womack <arwbackup@worldnet.att.net>
>> Sent by: pam-list-admin@redhat.com
>> 06/26/02 08:28 AM
>> Please respond to pam-list
>>
>> To: <pam-list@redhat.com>
>> cc:
>> Subject: Newbie: cannot log into box
>>
>> I am working on getting user authentication with ldap going. I had it
>> working ok, but I could not add a user that could login. Only the users
>> that existed before I got ldap authentication going were able to login.
>> Therefore I have been trying to learn what part of the authentication
>> stack was failing.
>> I have access to machine because I have several tty's logged into root.
>> In an attempt to diagnose which PAM module is having trouble I have tried
>> to change my /etc/pam.d/login to read:
>> [root@Webby pam.d]# cat login
>> #%PAM-1.0
>> auth required /lib/security/pam_permit.so
>> auth required /lib/security/pam_warn.so
>> #auth required /lib/security/pam_securetty.so
>> #auth required /lib/security/pam_stack.so service=system-auth
>> #auth required /lib/security/pam_nologin.so
>> #account required /lib/security/pam_stack.so service=system-auth
>> #password required /lib/security/pam_stack.so service=system-auth
>> #session required /lib/security/pam_stack.so service=system-auth
>> #session optional /lib/security/pam_console.so
>> my limited understanding from the redhat reference guide is that this
>> should allow me to log in regardless of what the user name is? Is this
>> correct?
>> When I try to login from the console on tty2, I get a very fast flash of:
>> user account has expired
>> I have checked via the graphical redhat-user-configuration program and
>> expiration of my accounts is not enabled.

Epson Inkjet Printer FAQ: http://welcome.to/epson-inkjet
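
Added example, not part of the original thread: a Python script that parses the two system-auth stacks quoted in this message and lists, per module type, which modules appear on one side only, which control flags or arguments changed, and whether the shared modules run in a different order. The function names `parse_stack` and `diff_stacks` are hypothetical, and the parser assumes one-word control flags and each module listed at most once per type.

```python
import os
# auth, account and session lines of the two system-auth files in the thread;
# the password lines are identical in both and are left out.
FIRST = """\
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account required /lib/security/pam_ldap.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so"""
SECOND = """\
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok debug
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix.so
session optional /lib/security/pam_mkhomedir.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so"""

def parse_stack(text):
    """Return {type: [(module, "control args"), ...]} in file order."""
    stack = {}
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(f) >= 3:
            mod, spec = os.path.basename(f[2]), " ".join([f[1]] + f[3:])
            stack.setdefault(f[0], []).append((mod, spec))
    return stack

def diff_stacks(a, b):
    """List one-sided modules, changed control/args, and reordering."""
    out = []
    for mtype in sorted(set(a) | set(b)):
        da, db = dict(a.get(mtype, [])), dict(b.get(mtype, []))
        out += [f"{mtype}: {m} only in first" for m in da if m not in db]
        out += [f"{mtype}: {m} only in second" for m in db if m not in da]
        out += [f"{mtype}: {m}: {da[m]} -> {db[m]}"
                for m in da if m in db and da[m] != db[m]]
        if [m for m in da if m in db] != [m for m in db if m in da]:
            out.append(f"{mtype}: order differs")
    return out

print(*diff_stacks(parse_stack(FIRST), parse_stack(SECOND)), sep="\n")
```

PAM treats `required` and `sufficient` differently, so a line reported with a changed control flag is a behavioural difference and not only a reordering.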