Hi list, I'm writing to all you because I need help to configure de pam_ccreds to allow ldap users to login in their local machines without network. To do this, we are triying to use pam credentials that cached the user credentials. My system is a RHEL4 (beta 2) with ldap authentification enabled (and working perfectly) and I have installed the Red Hat pam_ccreds-1-3 package (included in that distribution). When I shut down network interface and I try to login with a only ldap user (no local), I see a flash message saying that I'm login in using cache credentials. A second message is prompted saying that the system cannot retrieve authentication info and the system show again the login screen. So I can't do login without network. I'm looking for a solution, because this is a part of a project migration (windows to linux) and we need a centraliced user management (ldap) where the users can do login without network (because they need to work with local applications indistinctly of that there is network or not). My /etc/pam.d/system-auth file is: ----------------------------------------- auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass auth sufficient /lib/security/$ISA/pam_ccreds.so action=validate use_first_pass auth sufficient /lib/security/$ISA/pam_ccreds.so action=store auth optional /lib/security/$ISA/pam_ccreds.so action=update auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so account required /lib/security/$ISA/pam_permit.so password requisite /lib/security/$ISA/pam_cracklib.so retry=3 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password sufficient /lib/security/$ISA/pam_ldap.so use_authtok password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session optional /lib/security/$ISA/pam_ldap.so session optional /lib/security/pam_mkhomedir.so skel=/etc/skel umask=022 ------------------------------------------- and the important section of /etc/nsswitch.conf ------------------------------------------ ... passwd: files ldap db shadow: files ldap db group: files ldap db ... ------------------------------------------ I don't known if the problem is in the way that I specify pam_ldap.so and pam_unix.so (with the appropiates arguments) or if it is in other configuration params. I'm looking for documentation but by the moment I have not found any documentation. If someone has the same problem or knowns where can I found configuration examples I would be very grateful. Regards, -- Oscar Nogales Repiso Departamento de Sistemas y Comunicaciones Brújula Telecom T. +34 971 433 909 - F. +34 971 433 910 www.brujulatelecom.com _________________________________ En el corazón de su negocio _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
