[sudo-users] sudo: uid XXXX does not exist in the passwd file!
rhatuk66 at googlemail.com
Wed Jun 13 11:04:27 EDT 2007
I have the default RHEL4 config for sudo which, if I'm not wrong, is
forwarding the processing to the system-auth PAM conf (please see below).
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_limits.so
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
account [default=bad success=ok user_unknown=ignore]
account required /lib/security/$ISA/pam_permit.so
account required /lib/security/$ISA/pam_access.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok
password sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
I do have doubts about the system-auth PAM conf; I couldn't find where the
getpwnam function will look for the password database...
Thanks for your help,
On 6/12/07, Andreas Hasenack <ahasenack at terra.com.br> wrote:
> On Tue, Jun 12, 2007 at 10:28:40PM +0100, rhatuk wrote:
> > hi chaps,
> > I have a RHEL4 sudo LDAP client authenticating against an LDAP directory
> > server where I'm currently able to authenticate and list users
> > (getent passwd, groups, etc.) with no problem.
> > I've setup some sudo entries on the directory, and run some tests using
> > local users (/etc/passwd users).
> > however, when I try to do the same with an authenticated LDAP user, I
> > got a
> > "sudo: uid XXX does not exist in the passwd file!"
> > I've checked the source code and this seems to be caught when running the
> > "getpwnam()" function; I couldn't find documentation about whether this function
> > ends up using PAM modules to gather info about the passwd database or if it
> > just tries to read /etc/passwd.
> > I've strace'd it and can see sudo trying to connect to the directory server;
> > also when debugging the directory server transactions I see some
> > but still can make it work right...
> > any ideas? :)
> Is the sudo pam file using pam_ldap as well?
> Also, are you using some sort of tls/ssl config?
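The question in the thread is where getpwnam()/getpwuid() look for the user record. They do not go through PAM at all: glibc resolves them through NSS, following the "passwd:" line of /etc/nsswitch.conf (e.g. "files ldap"), and PAM only runs afterwards to authenticate a user that was already found. The sudo error quoted above is printed when getpwuid() on the invoking uid returns no entry. The program below is an added example, not code from the thread or from sudo itself: it reproduces that lookup outside of sudo and prints which NSS sources the lookup consults, so the failure can be isolated from sudo's own LDAP configuration. The file name pwcheck.c and the sample nsswitch lines in the comments are assumptions.

```c
/* Added example, not from the original thread or from sudo: reproduce the
 * passwd lookup that sudo performs on the invoking user, and show which
 * NSS sources (the "passwd:" line of /etc/nsswitch.conf) getpwuid() and
 * getpwnam() consult.  PAM plays no part in this lookup.
 *
 * Build:  cc -o pwcheck pwcheck.c      (file name is an assumption)
 * Run:    ./pwcheck            checks your own uid, as sudo does
 *         ./pwcheck 1234       checks an arbitrary uid
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
#include <pwd.h>
#include <unistd.h>
#include <sys/types.h>

/* Look up a uid the way sudo does (getpwuid).  Returns 0 and copies the
 * login name into name on success, -1 if no passwd entry is found. */
int lookup_uid(uid_t uid, char *name, size_t len)
{
    errno = 0;
    struct passwd *pw = getpwuid(uid);
    if (pw == NULL)
        return -1;
    snprintf(name, len, "%s", pw->pw_name);
    return 0;
}

/* Parse one nsswitch.conf line.  If it is the "passwd:" line, copy its
 * source list (e.g. "files ldap") into out and return 1; otherwise 0.
 * Comments (#) and surrounding whitespace are stripped. */
int parse_nss_passwd_line(const char *line, char *out, size_t len)
{
    const char *p = line;
    while (isspace((unsigned char)*p))
        p++;
    if (*p == '#' || strncmp(p, "passwd:", 7) != 0)
        return 0;
    p += 7;
    while (isspace((unsigned char)*p))
        p++;
    size_t n = strcspn(p, "#\r\n");
    while (n > 0 && isspace((unsigned char)p[n - 1]))
        n--;
    if (n >= len)
        n = len - 1;
    memcpy(out, p, n);
    out[n] = '\0';
    return 1;
}

/* Read the passwd sources from an nsswitch.conf file.  Returns 1 if a
 * passwd line was found, 0 if not (glibc then falls back to "files"). */
int nss_passwd_sources(const char *path, char *out, size_t len)
{
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return 0;
    char line[512];
    int found = 0;
    while (!found && fgets(line, sizeof line, f) != NULL)
        found = parse_nss_passwd_line(line, out, len);
    fclose(f);
    return found;
}

int main(int argc, char **argv)
{
    uid_t uid = argc > 1 ? (uid_t)strtoul(argv[1], NULL, 10) : getuid();
    char name[256], sources[256];

    if (nss_passwd_sources("/etc/nsswitch.conf", sources, sizeof sources))
        printf("nsswitch passwd sources: %s\n", sources);
    else
        printf("no passwd line in /etc/nsswitch.conf, using: files\n");

    if (lookup_uid(uid, name, sizeof name) == 0) {
        printf("uid %lu -> %s\n", (unsigned long)uid, name);
        return 0;
    }
    /* Same condition that makes sudo print its error. */
    printf("uid %lu does not exist in the passwd file!\n", (unsigned long)uid);
    return 1;
}
```

If this program fails for the LDAP user while "getent passwd" succeeds, compare the two as the same unprivileged user: getent and sudo both go through NSS, so a difference usually points at what differs when sudo runs (setuid root, a different environment, or an LDAP client config that is only readable by the user and not by root) rather than at PAM. If "passwd:" does not list ldap, no PAM setting will make getpwuid() find the user.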