On Sun, May 19, 2002 at 02:21:10PM +0530, Nikhil Patil wrote:
> My problem deals with PAM authentication using an LDAP server. My
> configuration as supplied with the RHL7.2 pam_ldap.so works fine, but the
> one that comes with RHL7.3 or the one that I compile myself using latest
> pam_ldap from www.padl.com doesn't work.
>
> Hence, I would like to know how pam_ldap.so supplied with
> nss_ldap-172-2.i386.rpm in RHL7.2 and nss_ldap-185-1.i386.rpm in
> RHL7.3 has been made. I mean, where can I get its source (The RedHat
> modified one) and with what configuration was it compiled?

The source packages are both on the CDs and on the FTP site (in
/pub/redhat/linux/7.3/en/os/i386/SRPMS/).

I think the problem you're running into is a consequence of a change in the
default behavior made in the pam_ldap version we included in the 7.2
release. For a time, pam_ldap would return PAM_IGNORE if the user was not
known to the directory, but before the change was made (and after it was
changed back), it returned PAM_USER_UNKNOWN, which causes different things
to happen because PAM_USER_UNKNOWN normally signals an error, while
PAM_IGNORE doesn't.

You should be able to correct this by modifying /etc/pam.d/system-auth and
replacing:

  account required /lib/security/pam_ldap.so

with:

  account [default=bad success=ok user_unknown=ignore] /lib/security/pam_ldap.so

The version of authconfig included with 7.3 should do this correctly.

HTH,

Nalin
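Added illustration, not part of the message above and not code from pam_ldap, Linux-PAM or Red Hat: a simplified model of how a PAM stack combines module results, showing why PAM_USER_UNKNOWN fails under "required" while PAM_IGNORE does not, and what the bracketed control changes. The function names, the lowercase result strings and the pam_unix.so entry are assumptions made for the example.

```python
# Simplified model of how Linux-PAM combines module results in one stack.
# Handles only the ok / ignore / bad actions (no done, die, reset or jumps).

# Bracket-syntax equivalent of "required", as documented in pam.conf(5).
REQUIRED = {"success": "ok", "new_authtok_reqd": "ok",
            "ignore": "ignore", "default": "bad"}
# The control suggested in the message above.
TOLERANT = {"default": "bad", "success": "ok", "user_unknown": "ignore"}


def run_stack(stack):
    """stack: list of (module, control, return_value); returns the stack result."""
    result = None                        # nothing has contributed yet
    for _module, control, retval in stack:
        action = control.get(retval, control["default"])
        if action == "ignore":
            continue                     # module has no say in the outcome
        if action == "bad":
            if result in (None, "success"):
                result = retval          # the first failure is what gets reported
        elif action == "ok" and result is None:
            result = retval
    # A stack in which no module contributed is treated as a failure.
    return result if result is not None else "perm_denied"


def account_stack(ldap_control, ldap_retval):
    """Constructed account stack: local account is fine, pam_ldap returns ldap_retval."""
    return run_stack([
        ("pam_unix.so", REQUIRED, "success"),      # assumed local module
        ("pam_ldap.so", ldap_control, ldap_retval),
    ])


if __name__ == "__main__":
    cases = [("required", REQUIRED, "ignore"),
             ("required", REQUIRED, "user_unknown"),
             ("bracketed", TOLERANT, "user_unknown"),
             ("bracketed", TOLERANT, "authinfo_unavail")]
    for name, control, retval in cases:
        print(f"{name:9} pam_ldap={retval:16} -> {account_stack(control, retval)}")
```

The bracketed control only neutralises the "user not in the directory" case; any other pam_ldap error still fails the stack, and a stack in which pam_ldap is the only module would deny a user it does not know.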