On Thu, 14 Sep 2000, Kelli Wolfe wrote:

> I've got some more information/weirdness on my Telnet problem.
> If I sit at the console, I can login with an LDAP only account
> that has a clear text password. I cannot login with an LDAP
> account that has an encrypted password. I also cannot login
> with an account that is in both the LDAP and the passwd files.
> I cannot telnet with any of the above accounts. I can ssh with
> all of the accounts.

How do you have the PAM modules stacked in your /etc/pam.d/login file?
Since you're using nss_ldap, if you use pam_unix it will find a password
entry for all of your users -- but it will fail to authenticate users that
are in LDAP, since AFAIK nss_ldap won't return the password field.

> It seems like I'm having a couple of problems with 'login'.
> I am running RedHat 6.2, so from what I understand, telnet is
> actually running login. Login doesn't seem to be recognizing
> the {crypt} attribute on the password. And something is
> causing remote telnet logins to immediately log back out.
> Before I started adding LDAP to the authentication, telnet
> worked just fine.

Login should have no knowledge of the {crypt} attribute: this should all be
handled inside pam_ldap. If pam_ldap handles this correctly for ssh, I
don't understand why it wouldn't handle it correctly for login.

Steve Langasek
postmodern programmer

> -----Original Message-----
> From: pam-list-admin@redhat.com [mailto:pam-list-admin@redhat.com]On
> Behalf Of Ben Collins
> Sent: Wednesday, September 13, 2000 12:30 PM
> To: pam-list@redhat.com
> Subject: Re: Telnet and PAM
>
>
> On Wed, Sep 13, 2000 at 09:04:10AM -0500, Kelli Wolfe wrote:
> > Hello,
> >
> > I've seen in the archives where people are using Telnet
> > and PAM together, how? I have OpenSSH authenticating
> > against OpenLDAP with nss_ldap and pam_ldap, but every
> > time I try to telnet to the machine I get the error:
> > Connection closed by foreign host. It appears in the
> > LDAP logs to authenticate properly, but then it just
> > dies.
>
> Sounds like something is getting a segv. Could be login (do console logins
> work?), or one of the *-ldap modules, or even PAM itself.
>
> --
> -----------=======-=-======-=========-----------=====------------=-=------
> / Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \
> ` bcollins@debian.org -- bcollins@openldap.org -- bcollins@linux.com '
> `---=========------=======-------------=-=-----=-===-======-------=--=---'
>
> _______________________________________________
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
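
The stacking question in the reply above, as an added example that is not part of the original thread: a small model of the auth control flags in /etc/pam.d/login, showing which account kinds a given module order locks out. The two stacks and the per-module outcomes are constructed assumptions that follow the reply's description (pam_unix cannot verify LDAP users); they are not Kelli's actual configuration.

```python
# Added example: models the auth control flags of /etc/pam.d/login.
# Both stacks are constructed samples, not taken from the thread.
BROKEN = """
auth  required    /lib/security/pam_unix.so
auth  sufficient  /lib/security/pam_ldap.so use_first_pass
"""
FIXED = """
auth  sufficient  /lib/security/pam_ldap.so
auth  required    /lib/security/pam_unix.so try_first_pass
"""

# Assumed module outcomes for a correct password, following the reply:
# pam_unix cannot verify LDAP users because nss_ldap returns no password hash.
OUTCOMES = {
    "ldap-only":  {"pam_unix.so": False, "pam_ldap.so": True},
    "local-only": {"pam_unix.so": True,  "pam_ldap.so": False},
}

def parse_auth_stack(text):
    """Return [(control, module_basename)] for the auth lines of a pam.d file."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def authenticate(stack, results):
    """Evaluate the stack with the classic control-flag rules."""
    required_failed = False
    any_success = False
    for control, module in stack:
        ok = results.get(module, False)
        if control == "sufficient":
            if ok and not required_failed:
                return True              # success ends the stack immediately
        elif control in ("required", "requisite"):
            if ok:
                any_success = True
            elif control == "requisite":
                return False             # failure ends the stack immediately
            else:
                required_failed = True   # remembered; later modules still run
        elif control != "optional":      # optional results are ignored in this model
            raise ValueError("unsupported control flag: " + control)
    return any_success and not required_failed

def locked_out(stack_text):
    """Account kinds that fail to authenticate even with the right password."""
    stack = parse_auth_stack(stack_text)
    return [kind for kind, results in OUTCOMES.items()
            if not authenticate(stack, results)]
```

Calling `locked_out()` on the auth lines of a real service file, with outcomes adjusted to the modules actually installed, gives a quick check of whether a stacking order can explain a login failure before looking for crashes in login or the LDAP modules.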