[sudo-users] problems with sudo, ldap, and passwords

Jordi Espasa Clofent jespasac at minibofh.org
Tue Mar 9 03:51:39 EST 2010


I hope it helps a bit:

# cat /etc/pam.d/sudo && cat /etc/pam.d/sshd && uname -r

#
# $FreeBSD: ports/security/sudo/files/pam.conf,v 1.5 2008/04/09 16:44:28 tmclaugh Exp $
#
# PAM configuration for the "sudo" service
#
# PAM stacks for sudo as posted: in all four facilities the stock
# "include system" / pam_permit line is commented out and replaced by a
# single pam_ldap entry, so only the LDAP module is consulted.

# auth
#auth           include         system
# pam_ldap is the only auth module and it is "required": no local
# (pam_unix) password is tried for sudo.
# NOTE(review): presumably sudo authentication fails for every user,
# local administrators included, whenever the directory cannot be
# reached - confirm that a recovery path (console root login, su) exists.
auth            required      /usr/local/lib/pam_ldap.so

# account
#account                include         system
# NOTE(review): "sufficient" is the only entry in this stack, so no
# module here is "required" or "requisite". On FreeBSD (OpenPAM) a failing
# "sufficient" module is presumably ignored, which would leave this stack
# unable to refuse an account (expired, locked, host-restricted) - confirm
# against pam.conf(5). Using "required" here, as the auth stack does,
# would make pam_ldap's verdict binding.
account         sufficient      /usr/local/lib/pam_ldap.so

# session
# XXX: pam_lastlog (used in system) causes users to appear as though
# they are no longer logged in in system logs.
#session                required        pam_permit.so
# The port's default pam_permit entry is disabled; pam_ldap is the sole,
# "sufficient" session module (same single-entry pattern as account).
session         sufficient      /usr/local/lib/pam_ldap.so

# password
#password       include         system
# Password changes are handed to pam_ldap only; same single "sufficient"
# entry as the account and session stacks.
password        sufficient      /usr/local/lib/pam_ldap.so

#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15.12.1 2007/08/17 11:28:25 yar Exp $
#
# PAM configuration for the "sshd" service
#

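# auth
# Authentication stack for sshd, evaluated top to bottom:
#   1. pam_opie       (sufficient) - success ends the stack early.
#   2. pam_opieaccess (requisite)  - failure ends the stack at once.
#   3. pam_ldap       (sufficient) - directory password; success ends the
#                                    stack, failure falls through.
#   4. pam_unix       (required)   - local password; its result is binding
#                                    for anyone who reaches it.
# try_first_pass on pam_ldap and pam_unix lets them reuse a password that
# was already entered instead of prompting again.
auth		sufficient	pam_opie.so		no_warn no_fake_prompts
auth		requisite	pam_opieaccess.so	no_warn allow_local
#auth		sufficient	pam_krb5.so		no_warn try_first_pass
#auth		sufficient	pam_ssh.so		no_warn try_first_pass
# The pam_ldap entry was wrapped onto two lines by the mail archive; a PAM
# entry must sit on one line, so it is rejoined here.
auth            sufficient      /usr/local/lib/pam_ldap.so      no_warn try_first_pass
auth		required	pam_unix.so		no_warn try_first_pass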

# account
# Account checks for sshd. pam_nologin and pam_login_access are "required"
# and come before pam_ldap, so their result still counts when pam_ldap
# ends the stack early with success. When pam_ldap succeeds, pam_unix
# below is not run; when it fails, pam_unix ("required") decides.
account		required	pam_nologin.so
#account 	required	pam_krb5.so
account		required	pam_login_access.so
account         sufficient      /usr/local/lib/pam_ldap.so
account		required	pam_unix.so

# session
# Session setup for sshd. Both active entries are "required", so a failure
# in pam_mkhomedir fails session setup.
#session 	optional	pam_ssh.so
# pam_mkhomedir is loaded from /usr/local/lib, i.e. it is not a base-system
# module. Presumably it creates a missing home directory for directory
# users on first login - confirm the ownership and permissions it applies
# to the directories it creates.
session         required       /usr/local/lib/pam_mkhomedir.so
session		required	pam_permit.so

# password
# Password-change stack for sshd: pam_ldap first ("sufficient"), then the
# local pam_unix ("required") when pam_ldap does not succeed.
#password	sufficient	pam_krb5.so		no_warn try_first_pass
# NOTE(review): "use_authok" looks like a misspelling of "use_authtok",
# the option that makes a module take the new password from an earlier
# module instead of prompting. Presumably the misspelled form is not
# recognised and has no effect - check the pam_ldap manual and the
# system logs.
password        sufficient      /usr/local/lib/pam_ldap.so      use_authok
password	required	pam_unix.so		no_warn try_first_pass
7.0-RELEASE-p4


