[sudo-users] problems with sudo, ldap, and passwords
Jordi Espasa Clofent
jespasac at minibofh.org
Tue Mar 9 03:51:39 EST 2010
I hope it helps a bit:
# cat /etc/pam.d/sudo && cat /etc/pam.d/sshd && uname -r
#
# $FreeBSD: ports/security/sudo/files/pam.conf,v 1.5 2008/04/09 16:44:28 tmclaugh Exp $
#
# PAM configuration for the "sudo" service
#
# Each active line reads: <facility> <control-flag> <module> [options].
# Every "include system" line is commented out, so pam_ldap is the only
# module on each of the four chains and no local module (such as pam_unix)
# is consulted for sudo.
#
# auth
#auth include system
# pam_ldap is the sole auth module and is "required": the sudo password
# prompt is checked against the directory only. Accounts that exist only
# in the local password database cannot pass this chain, and a pam_ldap
# failure (for example when the directory cannot be reached) fails
# sudo authentication outright, since nothing follows it.
auth required /usr/local/lib/pam_ldap.so
# account
#account include system
# NOTE(review): "sufficient" on the only module of a chain leaves the result
# of a pam_ldap failure to the PAM implementation's end-of-chain rules;
# "required" would state the intended account check unambiguously -- confirm.
account sufficient /usr/local/lib/pam_ldap.so
# session
# XXX: pam_lastlog (used in system) causes users to appear as though
# they are no longer logged in in system logs.
#session required pam_permit.so
# The pam_permit line above is disabled; session handling is delegated to
# pam_ldap alone.
session sufficient /usr/local/lib/pam_ldap.so
# password
#password include system
# Password changes requested through this service go to the directory only.
password sufficient /usr/local/lib/pam_ldap.so
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15.12.1 2007/08/17 11:28:25 yar Exp $
#
# PAM configuration for the "sshd" service
#
# Each active line reads: <facility> <control-flag> <module> [options].
# Order matters: a "sufficient" success ends its chain early, so modules
# listed after it are not run for that request.
#
# auth
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
# LDAP is tried before the local password database. If pam_ldap accepts the
# password the chain ends there; otherwise pam_unix (required) makes the
# final decision, reusing the already-typed password via try_first_pass.
# NOTE(review): the next two lines appear to be a single entry that was
# wrapped when the output was pasted into the mail -- "try_first_pass" is an
# option of the pam_ldap line, not an entry of its own.
auth sufficient /usr/local/lib/pam_ldap.so no_warn
try_first_pass
auth required pam_unix.so no_warn try_first_pass
# account
# pam_nologin and pam_login_access are "required" and sit above pam_ldap,
# so they are evaluated for directory users as well as local ones.
account required pam_nologin.so
#account required pam_krb5.so
account required pam_login_access.so
# A pam_ldap success here ends the chain, so the pam_unix account check
# below is skipped for users the directory vouches for.
account sufficient /usr/local/lib/pam_ldap.so
account required pam_unix.so
# session
#session optional pam_ssh.so
# pam_mkhomedir runs for every SSH session and is "required"; it creates a
# missing home directory at login. Review the ownership and permissions it
# applies, since directory users get their home created on first login.
session required /usr/local/lib/pam_mkhomedir.so
session required pam_permit.so
# password
#password sufficient pam_krb5.so no_warn try_first_pass
# NOTE(review): "use_authok" looks like a misspelling of pam_ldap's
# "use_authtok" option; as written the option is presumably not recognised.
# pam_ldap is also the first module on this chain, so no earlier module has
# collected a new password for use_authtok to pick up -- confirm the intent.
password sufficient /usr/local/lib/pam_ldap.so use_authok
password required pam_unix.so no_warn try_first_pass
7.0-RELEASE-p4