[sudo-users] sudo + openldap + freebsd 7

François Mehault Francois.Mehault at netplus.fr
Fri May 29 09:14:24 EDT 2009

Well I am curious in fact, this my sudo but could you confirm me that it is correct (no unuseful information for example)

auth            sufficient      pam_opie.so                     no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so               no_warn allow_local
#auth           sufficient      pam_krb5.so                     no_warn try_first_pass
#auth           sufficient      pam_ssh.so                      no_warn try_first_pass
#auth           optional        /usr/lib/pam_echo.so            test
auth            sufficient      pam_unix.so                     no_warn try_first_pass
auth            optional        /usr/lib/pam_echo.so            openldap alive ??? wrong local passwd ???
auth            required        /usr/local/lib/pam_ldap.so      no_warn try_first_pass
#auth           sufficient      /usr/lib/pam_radius.so          no_warn

# account
account         required        /usr/local/lib/pam_ldap.so      ignore_unknown_user ignore_authinfo_unavail
account         required        pam_nologin.so
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
session         required        pam_permit.so

# password
#password       sufficient      pam_krb5.so                     no_warn try_first_pass
password        required        pam_unix.so                     no_warn try_first_pass

I think there is lot of lines which are unuseful.

-----Message d'origine-----
De : sudo-users-bounces at courtesan.com [mailto:sudo-users-bounces at courtesan.com] De la part de Jordi Espasa Clofent
Envoyé : vendredi 29 mai 2009 10:41
À : sudo-users at sudo.ws
Objet : Re: [sudo-users] sudo + openldap + freebsd 7

I have a similiar environment and works like a charm.
I suspect a PAM error. Can you show a simple 'cat /etc/pam.d/sudo' output?

Jordi Espasa Clofent
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:

More information about the sudo-users mailing list