Ed Sponsler wrote:

I have RHEL 3.0 AS with ldap configured to authenticate and
pam_mkhomedir in /etc/pam.d/system-auth to create home directories if
they don't exist. Everything works fine, except when I su, which causes
segmentation fault.

Removing the pam_mkhomedir line in /etc/pam.d/system-auth fixes the su
problem, but of course I need that to make home directories.

[ed@wrk ed]$ ssh eds@ccdc
eds@ccdc's password:
Creating directory '/home/eds'.
Creating directory '/home/eds/.kde'.
Creating directory '/home/eds/.kde/Autostart'.
/usr/X11R6/bin/xauth: creating new authority file /home/eds/.Xauthority
// Yeah it works! But...
[eds@ccdc ~]$ su
Password:
Segmentation fault

/var/log/messages
Feb 10 11:28:51 ccdc su(pam_unix)[8750]: session opened for user root by eds(uid=7365)
Feb 10 11:28:51 ccdc su(pam_unix)[8750]: session closed for user root

/etc/pam.d/system-auth
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077

I have used pam_mkhomedir with LDAP Auth without issue on RH FC2.
(PAM_LDAP 1.69, NSS_LDAP 2.20, OpenLDAP 2.2.17, recent version of
pam_mkhomedir). This was for testing only; I still feel NFS-mounted home
directories provide better management.

Maybe the following change could help you; it is used to fix the "su -
ldapid" issue (incorrect password despite correct pw entered, a bug
reported in RH Bugzilla).
# diff /etc/pam.d/system-auth /etc/pam.d/system-auth.ldapauth
9c9
< account required /lib/security/$ISA/pam_unix.so
---
account sufficient /lib/security/$ISA/pam_unix.so
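Review bot: on line 9 the move of pam_unix.so in the account stack from "required" to "sufficient" changes two behaviours at once, and the change should say which one the su fix depends on. With "sufficient", a pam_unix account failure no longer fails the stack on its own, and a pam_unix success ends account processing before any later account module is consulted. Please confirm after applying it that a locked or expired local account is still refused, and that any account checks placed after this line are not ones you rely on for local users.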
Content of /etc/pam.d/system-auth that will fix “su – incorrect password
issue”.
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account sufficient /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
# Un-comment the next line if you want pam_mkhomedir.so to mkdir $HOME on the fly
session sufficient pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
NOTE 1: "authconfig" will, at the end of the run, stop and restart
/etc/init.d/nscd; if it hangs, press CTRL-C and then run "service nscd
restart".
NOTE 2: If “authconfig” is re-run, /etc/pam.d/system-auth will be
re-generated and overwritten; therefore a manual edit of this file is
required if there are customizations.
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
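
Added example (not part of the original message and not Linux-PAM code): a short Python check that lists the required-style modules a stack never reaches once an earlier "sufficient" module succeeds, following the control-flag rules in pam.conf(5). The sample input is the system-auth posted above with the e-mail line wraps rejoined and comments dropped; the function names are made up for this illustration.

```python
import re

# system-auth as posted in the message, wrapped lines rejoined (sample input).
SYSTEM_AUTH = """\
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account sufficient /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session sufficient pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
"""

# type, control (keyword or [...] form), module path; '#' lines never match.
RULE = re.compile(r"^\s*(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def mandatory(control):
    """required/requisite, or a [...] control whose default action is bad/die."""
    return (control in ("required", "requisite")
            or "default=bad" in control or "default=die" in control)

def skipped_after_sufficient(text):
    """Return (type, sufficient module, skipped module) triples: mandatory
    modules not run once an earlier 'sufficient' module in the same stack
    succeeds (and no earlier required module has already failed)."""
    rules = [(m[1], m[2], m[3].rsplit("/", 1)[-1])
             for m in map(RULE.match, text.splitlines()) if m]
    found = []
    for i, (typ, control, module) in enumerate(rules):
        if control != "sufficient":
            continue
        for typ2, control2, module2 in rules[i + 1:]:
            # pam_deny.so after a sufficient module is the usual fall-through idiom.
            if typ2 == typ and mandatory(control2) and module2 != "pam_deny.so":
                found.append((typ, module, module2))
    return found

if __name__ == "__main__":
    for typ, suff, skipped in skipped_after_sufficient(SYSTEM_AUTH):
        print(f"{typ}: {skipped} is not run when {suff} succeeds")
```

Run against a site's own /etc/pam.d files, the output is a list to review by hand: some entries are intended (local accounts bypassing the LDAP account check), others mean a session module such as pam_limits.so is silently skipped.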