On Thu, Jul 16, 2009 at 12:34, Mail Delivery
System<Mailer-Daemon@xxxxxxxxxxxxxxx> wrote:
<snip>
> ----- Transcript of session follows -----
> ... while talking to mail.acampo.net:
>>>> RCPT To:<pam-list@xxxxxxxxxx>
> <<< 550 MAILBOX NOT FOUND OR DISABLED
> 550 <pam-list@xxxxxxxxxx>... User unknown or disabled
<snip>
> Envelope-to: snuggles@xxxxxxxxxx
Would a list admin please unsubscribe 'snuggles' so we'd stop getting
these bounces?
--- Begin Message ---
Return-path: <pam-list-bounces@xxxxxxxxxx>
Envelope-to: snuggles@xxxxxxxxxx
Delivery-date: Thu, 16 Jul 2009 20:34:37 +0200
Received: from [209.132.177.33] (helo=hormel.redhat.com)
by mail.acampo.net with esmtp (Exim 4.63)
(envelope-from <pam-list-bounces@xxxxxxxxxx>)
id 1MRVmi-0002Yb-3M
for snuggles@xxxxxxxxxx; Thu, 16 Jul 2009 20:34:37 +0200
Received: from listman.util.phx.redhat.com (listman.util.phx.redhat.com [10.8.4.110])
by hormel.redhat.com (Postfix) with ESMTP id 278B661AAC5;
Thu, 16 Jul 2009 14:34:23 -0400 (EDT)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com
[172.16.52.254])
by listman.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP id
n6GIYLan012457 for <pam-list@xxxxxxxxxxxxxxxxxxxxxxxxxxx>;
Thu, 16 Jul 2009 14:34:21 -0400
Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32])
by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n6GIYKdW024820
for <pam-list@xxxxxxxxxx>; Thu, 16 Jul 2009 14:34:21 -0400
Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.24])
by mx3.redhat.com (8.13.8/8.13.8) with ESMTP id n6GIY7LC026517
for <pam-list@xxxxxxxxxx>; Thu, 16 Jul 2009 14:34:07 -0400
Received: by ey-out-2122.google.com with SMTP id 9so94239eyd.39
for <pam-list@xxxxxxxxxx>; Thu, 16 Jul 2009 11:34:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=domainkey-signature:mime-version:received:in-reply-to:references
:date:message-id:subject:from:to:content-type
:content-transfer-encoding;
bh=aRwDpqAXapRDsfKFwcOpws3SwZ00A1Lxx23y98+pDrk=;
b=aTf2p26syEpIvmJLugQEz9BljY8d0HsU4ZbUR9D1OqwjWSbSO733NeonIbm01j2As8
foWS3xj0kLT0NPd2gWxENmYugcs6LiLmcGtRYdN3eoLtzUtgVnBvBJqjqaUJnFyqFEhh
v+TLbA9k3GUnTxNAUCCpEtqbuEt4KconcQs9s=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type:content-transfer-encoding;
b=k14Mp1T/413d9keveuCxoL5weQeyggBdooTaziACVetwVVh+av+UWXHlSijiPVtU6n
c1V0kb0qFWlGlrsITRldm7LHgBww580/8ZxpfvkC5naZrlNnNUY6CyWv9A+0skUt1Es7
AaeGwyql0+PFSsBVfNOnlbrBqatg0dG7nr7v0=
MIME-Version: 1.0
Received: by 10.210.51.10 with SMTP id y10mr10197639eby.12.1247769246837; Thu,
16 Jul 2009 11:34:06 -0700 (PDT)
In-Reply-To: <4A5F6A63.1030006@xxxxxxxxxxxxxxxx>
References: <C683596F.11EDF%greeneg@xxxxxxxxxxxxxx>
<200907161020.05580.mail@xxxxxxxxxxxx>
<200907160841.39296.greeneg@xxxxxxxxxxxxxx>
<4255c2570907160919s416fd4fbk9505766044f22bd3@xxxxxxxxxxxxxx>
<4A5F6A63.1030006@xxxxxxxxxxxxxxxx>
Date: Thu, 16 Jul 2009 12:34:06 -0600
Message-ID: <4255c2570907161134p3b6366dsb72baa39792dc9ed@xxxxxxxxxxxxxx>
From: RB <aoz.syn@xxxxxxxxx>
To: Pluggable Authentication Modules <pam-list@xxxxxxxxxx>
Content-Type: text/plain; charset=UTF-8
X-RedHat-Spam-Score: -0.053
X-Scanned-By: MIMEDefang 2.58 on 172.16.52.254
X-Scanned-By: MIMEDefang 2.63 on 172.16.48.32
X-MIME-Autoconverted: from quoted-printable to 8bit by
listman.util.phx.redhat.com id n6GIYLan012457
X-loop: pam-list@xxxxxxxxxx
Subject: Re: pam/winbind user not found problem
X-BeenThere: pam-list@xxxxxxxxxx
X-Mailman-Version: 2.1.5
Precedence: junk
Reply-To: Pluggable Authentication Modules <pam-list@xxxxxxxxxx>
List-Id: Pluggable Authentication Modules <pam-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/pam-list>,
<mailto:pam-list-request@xxxxxxxxxx?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/pam-list>
List-Post: <mailto:pam-list@xxxxxxxxxx>
List-Help: <mailto:pam-list-request@xxxxxxxxxx?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/pam-list>,
<mailto:pam-list-request@xxxxxxxxxx?subject=subscribe>
Sender: pam-list-bounces@xxxxxxxxxx
Errors-To: pam-list-bounces@xxxxxxxxxx
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -5.7 (-----)
X-Spam-Score-Rev: ----- (-5.7)
X-Spam-Status: hits=-5.7 tests=RCVD_IN_DNSWL_MED,RDNS_NONE
X-Info: valid message
X-Info: original Date
On Thu, Jul 16, 2009 at 11:58, Les Mikesell<les@xxxxxxxxxxxxxxxx> wrote:
> This isn't strictly a PAM issue, but rather with the default RHEL5.x
> configuration (and Centos, and probably fedora). =C2=A0Does anyone know=
what they
> were thinking?
Ostensibly, they were trying to authenticate system users without
passing said users' credentials on to winbind. Whether intentional or
not, it seems they assumed users would have a UID that could be
resolved by pam_unix. That's often the case, but with proper
enterprise-level user management (no local accounts) the assumption
breaks.
> Should most pam auth modules know anything about uid's?
By all means - auth is probably the most important place for UIDs/GIDs
to be known.
> I thought that was account info. =C2=A0If the idea is to keep the 'syst=
em' accounts
> (below 500 by convention)in the passwd file, is there a better way to d=
o it?
Probably should have used something to this effect instead of 'requisite'=
:
[success=3Dok new_authtok_reqd=3Dok ignore=3Dignore default=3Ddie user_un=
known=3Dignore]
Which is, of course, according to pam.conf(5) the same as 'requisite'
with the added control of ignoring unknown users. Allows the stack to
shortcut if it's a system user with bad credentials but still passes
completely unresolved credentials on.
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
--- End Message ---
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
