Hi Nimit, many thanks for the explanation. It really helped. Should I file a bug for authconfig in bugzilla? It would be nice if authconfig can configure this.
Regards Oliver
Nimit Gupta wrote:
Hello Oliver,
I think you are using ldap to store user account information, and due to that you see these error messages.
Oliver Schulze L. wrote:
Hi, I'm using openldap in RH9 for my user DB. I have configured pam with authconfig.
The problem I get is that for every login success, I have a login failure
in /var/log/messages in every service (login, pop3, imap, etc).
For example, when I log in to IMAP I get:
Jul 15 04:40:38 server imap(pam_unix)[9429]: check pass; user unknown
Jul 15 04:40:38 server imap(pam_unix)[9429]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Here, as the user account information is not available in the place where the pam_unix module checks for it, this error message is given by the pam_unix module.
Jul 15 04:40:38 server imapd[9429]: Login user=user1 host=localhost [127.0.0.1]
Jul 15 04:40:40 server imapd[9429]: Logout user=user1 host=localhost [127.0.0.1]
Here it's now authenticated by the pam_ldap module successfully, as information about user accounts is stored in ldap (you must have configured it to do so, or chosen it by mistake during installation).
I solved this problem by configuring /etc/pam.d/system-auth from this:
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
to this:
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_ldap.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok use_first_pass
auth required /lib/security/$ISA/pam_deny.so
This solved the problem, as now it first checks pam_ldap, and since sufficient is specified it won't check any further. You can even remove the pam_unix line if you use ldap to store the user account information.
Cheers, Nimit
-- Oliver Schulze L. <oliver@xxxxxxxxxxxxx>
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
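
Added example (not part of the original thread): a simplified Python model of how the "required" and "sufficient" control flags are evaluated, run over the two module orderings quoted above plus the variant with the pam_unix line removed. The account names, the LDAP/local split and the assumption that the password is always correct are constructed for illustration; real PAM modules have more return codes than this model covers.

```python
# Simplified model of PAM "auth" stack evaluation (added example, not real PAM).
# Only the "required" and "sufficient" control flags are modelled.

LDAP_USERS = {"user1"}    # constructed: account stored only in LDAP
LOCAL_USERS = {"root"}    # constructed: account stored only in /etc/passwd

def module_ok(module, user):
    """Return True if the module would accept the user (password assumed correct)."""
    if module == "pam_env":
        return True                      # only sets environment, always succeeds
    if module == "pam_deny":
        return False                     # always fails by design
    if module == "pam_ldap":
        return user in LDAP_USERS
    if module == "pam_unix":
        return user in LOCAL_USERS
    raise ValueError(module)

def run_stack(stack, user):
    """Evaluate the stack; return (authenticated, lookup modules that failed)."""
    required_failed = False
    failures = []
    for control, module in stack:
        ok = module_ok(module, user)
        if not ok and module != "pam_deny":
            failures.append(module)      # this is where a failure line gets logged
        if control == "sufficient" and ok and not required_failed:
            return True, failures        # success ends the stack immediately
        if control == "required" and not ok:
            required_failed = True       # stack continues, final result is failure
    return not required_failed, failures

ORIGINAL = [("required", "pam_env"), ("sufficient", "pam_unix"),
            ("sufficient", "pam_ldap"), ("required", "pam_deny")]
REORDERED = [("required", "pam_env"), ("sufficient", "pam_ldap"),
             ("sufficient", "pam_unix"), ("required", "pam_deny")]
LDAP_ONLY = [entry for entry in REORDERED if entry[1] != "pam_unix"]

if __name__ == "__main__":
    for name, stack in (("original", ORIGINAL), ("reordered", REORDERED),
                        ("ldap-only", LDAP_ONLY)):
        for user in ("user1", "root"):
            print(name, user, run_stack(stack, user))
```

In this model the LDAP user produces a pam_unix failure only under the original ordering, while the stack without pam_unix rejects the local-only account entirely, which matters for accounts such as root that are not stored in LDAP.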