> Hi! > I want to use ldap authentication for ftp users of Solaris server with > SunOS 5.7. > So, I installed pam-ldap and nss-ldap. If you mean the PADL implementation of LDAP and NSS via LDAP, it has little to do with this list. They don't need Linux-PAM at all to work with Solaris. > Now I can do 'getent passwd <ldap > user>' > and get info about that user from ldap. But connect through FTP doesn't > work. > My /etc/pam.conf is as follows: > -- > #%PAM-1.0 > auth required /lib/security/pam_listfile.so item=user > sense=deny file=/etc/ftpusers onerr=succeed > auth required /lib/security/pam_shells.so > auth sufficient /lib/security/pam_ldap.so.1 > account sufficient /lib/security/pam_ldap.so.1 > session sufficient /lib/security/pam_ldap.so.1 > -- > In ftp log I can see > -- > ... PAM(<user>): Dlopen failure. > ... USER <user> (Login failed): Incorrect password. > -- > > Maybe this is because of there are no files pam_listfile.so and > pam_shells.so in my SunOS 5.7? ... :) > Do I need to install Linux-PAM first to get these files? Yes. It is my experience that you don't need to use Linux-PAM implementation of the libpam to work with Solaris, but please correct me if I'm wrong. I managed to use Linux-PAM modules with the original Solaris 2.8 libpam without problems, along with PADL's modules. > I tried to compile Linux-PAM-0.77, but 'make' gives an error: > -- > rm -f security > ln -sf . security > make -C modules all > make[1]: Entering directory `/u01/soft/Linux-PAM-0.77/modules' > building the static modutil library > make -C pammodutil all > make -C pammodutil all > make[2]: Entering directory `/u01/soft/Linux-PAM-0.77/modules/pammodutil' > mkdir -p static > gcc -Wall -Wwrite-strings -Wpointer-arith -Wcast-qual -Wcast-align > -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline > -Wshadow -Dsunos -ansi -pedantic -I./include > -I/u01/soft/Linux-PAM-0.77/libpam/include -I/u01/soft/Linux-PAM-0.77 > -I/u01/soft/Linux-PAM-0.77/libpamc/include -fPIC -DLIBPAM > _VERSION_MAJOR=0 -DLIBPAM_VERSION_MINOR=77 -c modutil_cleanup.c -o > static/modutil_cleanup.o > gcc -Wall -Wwrite-strings -Wpointer-arith -Wcast-qual -Wcast-align > -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline > -Wshadow -Dsunos -ansi -pedantic -I./include > -I/u01/soft/Linux-PAM-0.77/libpam/include -I/u01/soft/Linux-PAM-0.77 > -I/u01/soft/Linux-PAM-0.77/libpamc/include -fPIC -DLIBPAM > _VERSION_MAJOR=0 -DLIBPAM_VERSION_MINOR=77 -c modutil_getpwnam.c -o > static/modutil_getpwnam.o > modutil_getpwnam.c: In function `_pammodutil_getpwnam': > modutil_getpwnam.c:43: error: too many arguments to function `getpwnam_r' > modutil_getpwnam.c:43: warning: assignment makes integer from pointer > without a cast > make[2]: *** [static/modutil_getpwnam.o] Error 1 > make[2]: Leaving directory `/u01/soft/Linux-PAM-0.77/modules/pammodutil' > make[1]: *** [all] Error 2 > make[1]: Leaving directory `/u01/soft/Linux-PAM-0.77/modules' > make: *** [modules] Error 2 > -- > What can be done? How can I get working PAM? You need to explicitly define __EXTENSIONS__ and _POSIX_PTHREAD_SEMANTICS (e.g. CPPFLAGS="-D__EXTENSIONS__ -D_POSIX_PTHREAD_SEMANTICS") to get the right API because Solaris supports different intermediate states of the POSIX for pwd.h; see /usr/include/pwd.h for details. There might be other tweaks needed, based on the version of Solaris and Linux-PAM. I recently managed to compile Linux-PAM 0.78 on Solaris 2.8. p. -- Pierangelo Masarati mailto:pierangelo.masarati@xxxxxxxxxx SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497 _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
