Date:      Thu, 18 Nov 2004 13:18:26 +0100
From:      jesk <jesk@killall.org>
To:        Doug White <dwhite@gumbysoft.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: Pam Authorization Problem
Message-ID:  <154B409211E0F95AECBC0708@jesk.int.de.clara.net>
In-Reply-To: <2F887177131431751CB6B6CB@jesk.int.de.clara.net>
References:  <2627048885E8BF7F8DCDCFD2@jesk.int.de.clara.net> <200411102021.18553.pokui@psg.com> <001001c4c755$2eb4b980$45fea8c0@turbofresse> <20041117184612.J29048@carver.gumbysoft.com> <BB0586A6DD82B937DC1DF167@jesk.int.de.clara.net> <2F887177131431751CB6B6CB@jesk.int.de.clara.net>

> I am very amazed, because I thought that with this ldap line it's also
> necessary that
> 'account  required pam_unix.so' must return 'ok' so that the authorization
> part is successful, but the ldap account is not available there.
> but thanks anyway, it solved my requirements!

hi again,
I recognized that if the user is found via AUTH in ldap and authenticated
there, it's not possible for ACCOUNT to jump from pam_ldap.so to
pam_unix.so. I checked this as I used 'su' to switch to root, but then I
got the message:
---
You must be a uniqueMember of cn=klever,ou=hosts,dc=x,dc=x,dc=x to login.
su: Sorry
---
root does exist in ldap for AUTH but not for ACCOUNT, but root should be
used locally via pam_unix.so.
/etc/pam.d/system is configured like /etc/pam.d/sshd, and so /etc/pam.d/su
should very likely be the same as /etc/pam.d/sshd through the include in it.
Maybe you have an answer to this too :)

thanks!

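An added illustration of the stacking behaviour described in the message (this is not the poster's configuration, which is not shown in the thread; the account section below is assumed, and module paths are written as in the message rather than as a real installation would have them). With pam_ldap's account entry marked `required`, its rejection of root is final and pam_unix is never given a say; marking it `sufficient` lets a pam_ldap failure be ignored so pam_unix decides, at the cost that any user pam_ldap rejects for the host restriction is then judged by pam_unix alone.

```text
# Assumed account section of /etc/pam.d/system (illustration only)

# State described in the message: a pam_ldap failure is recorded as
# final, so the "must be a uniqueMember of cn=...,ou=hosts" rejection
# of root ends 'su' with "Sorry" before pam_unix is consulted.
account   required    pam_ldap.so
account   required    pam_unix.so

# Fall-through variant: a pam_ldap failure is ignored and the stack
# continues, so a local-only account such as root is checked by
# pam_unix. A pam_ldap success still ends the stack immediately.
# Caveat: an LDAP user who fails the uniqueMember host check is now
# also passed on to pam_unix, which does not re-apply that LDAP host
# restriction, so the per-host gate no longer holds for LDAP users.
account   sufficient  pam_ldap.so
account   required    pam_unix.so
```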