I've added the following line to /etc/pam.d/system-auth:

auth sufficient /lib/security/pam_rootok.so

but the user root still can't log in to the system.
In the logs, I get the following error messages:

login: pam_ldap: ldap_simple_bind Can't contact LDAP server
login: Authentication service cannot retrieve authentication info

I've tried pam_localuser.so too, but I get the same error.
From: "Tay, Gary" <Gary_Tay@xxxxxxxxxx>
Reply-To: Pluggable Authentication Modules <pam-list@xxxxxxxxxx>
To: "Pluggable Authentication Modules" <pam-list@xxxxxxxxxx>
Subject: RE: Problem with user root
Date: Fri, 21 May 2004 17:00:46 +0800
Hi,
Just guessing, you may want to add "rootok" somewhere...
See /usr/share/doc/pam-0.75/txts/README.pam_rootok, and all text files in the txts dir.
Rgds Gary
# $Id: README,v 1.1.1.1 2000/06/20 22:11:56 agmorgan Exp $ #
this module is an authentication module that performs one task: if the
id of the user is '0' then it returns 'PAM_SUCCESS'

with the 'sufficient' /etc/pam.conf control flag it can be used to allow
password free access to some service for 'root'
Recognized arguments:
debug write a message to syslog indicating success or failure.
module services provided:
auth _authentication and _setcred (blank)
Andrew Morgan
-----Original Message-----
From: pam-list-bounces@xxxxxxxxxx [mailto:pam-list-bounces@xxxxxxxxxx] On Behalf Of Javier Ferruz Rodriguez
Sent: Friday, May 21, 2004 4:23 PM
To: pam-list@xxxxxxxxxx
Subject: Problem with user root
Hi,
I've configured my RHEL 2.1 AS to authenticate users in LDAP. My LDAP
server is SunOne Directory 5.2.
My /etc/nsswitch.conf file is
password files ldap
group files ldap
shadow files ldap
My /etc/pam.d/login
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
session optional /lib/security/pam_console.so
My /etc/pam.d/system-auth is
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so
The configuration is OK when the LDAP server is running. All users are validated in the LDAP server except root.
When the LDAP server is down, root can't validate in the system. Why?
Can anybody help me?
Thanks in advance,
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
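
Added example, not part of the thread and not libpam code: a simplified Python model of how PAM control fields are evaluated, run over the "account" lines of the system-auth file posted above. The logged text "Authentication service cannot retrieve authentication info" is the standard message for PAM_AUTHINFO_UNAVAIL; that pam_ldap.so returns this code when the server is unreachable, the per-module return codes, and the VARIANT line are assumptions made for illustration.

```python
import re

# Keyword controls in their bracket form, per pam.conf(5).
KEYWORDS = {
    "required": {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite": {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional": {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}

# 'account' lines as posted in the thread's /etc/pam.d/system-auth.
POSTED = """
account required /lib/security/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
"""
# Constructed variant (not from the thread): also ignore an unreachable directory.
VARIANT = POSTED.replace("user_unknown=ignore", "user_unknown=ignore authinfo_unavail=ignore")

# Assumed return codes for root while the LDAP server is unreachable.
LDAP_DOWN = {"pam_unix.so": "success", "pam_ldap.so": "authinfo_unavail"}

def parse_stack(text, mtype):
    """Return [(actions, module_name)] for one management group."""
    stack = []
    for line in text.strip().splitlines():
        m = re.match(r"\s*(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)", line)
        if not m or m.group(1) != mtype:
            continue
        control, path = m.group(2), m.group(3)
        if control.startswith("["):
            actions = dict(kv.split("=") for kv in control[1:-1].split())
        else:
            actions = KEYWORDS[control]
        stack.append((actions, path.rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, returns):
    """Simplified stack result: first recorded failure wins, else success."""
    failure, succeeded = None, False
    for actions, module in stack:
        rc = returns[module]
        action = actions.get(rc, actions.get("default", "bad"))
        if action in ("bad", "die"):
            failure = failure or rc
            if action == "die":
                break
        elif action in ("ok", "done"):
            succeeded = True
            if action == "done" and failure is None:
                break
    return failure or ("success" if succeeded else "perm_denied")
```

In this model the posted account line maps authinfo_unavail to default=bad, so the account phase fails for every user regardless of what an added auth line such as pam_rootok.so returns.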