Problems with config= in module config

Jason Lixfeld <jason+lists.pam@xxxxxxxxxx> · Mon, 6 Sep 2004 01:29:52 -0400

I dug this up from a how-to.  They suggested that I could use a config= 
line in my pam module config to specify a special config file to use in 
order to determine if a user is allowed to authenticate via that 
module.

For instance, the /etc/pam.d/ssh file looks like this:

auth            required        pam_nologin.so                  no_warn

auth            sufficient      pam_opie.so                     no_warn 
no_fake_prompts

auth            requisite       pam_opieaccess.so               no_warn 
allow_local

auth            sufficient      /usr/local/lib/pam_ldap.so      
config=/usr/local/etc/openldap/ldap-ssh.conf debug try_first_pass

auth            required        pam_unix.so                     no_warn 
try_first_pass

account         required        pam_login_access.so

account         sufficient      /usr/local/lib/pam_ldap.so      debug

account         required        pam_unix.so

session         required        pam_permit.so

password        sufficient      /usr/local/lib/pam_ldap.so      debug

password        required        pam_unix.so                     no_warn 
try_first_pass

The config file referenced looks like this:

host 127.0.0.1
base dc=example,dc=com
rootbinddn cn=proxyuser,dc=example,dc=com
scope one
pam_groupdn cn=ssh,ou=services,dc=example,dc=com
pam_member_attribute member
pam_password SSHA

when I try to login, I get these errors:

Sep  6 00:07:45 eshara sshd[59637]: error: PAM: authentication error
Sep  6 00:07:45 eshara sshd[59637]: error: PAM: authentication error
Sep  6 00:07:45 eshara sshd[59637]: error: PAM: authentication error

I can't figure out how to get any more debugging out of pam, so I'm at 
a little bit of a loss.

Platform is FreeBSD 5.2.1-p9.  sshd  3.6.1p1.

_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list