[sudo-workers] ldap and password

Brian L Farrell blfarrell at ra.rockwell.com
Tue Aug 24 15:14:40 EDT 2004


I did some quick testing on this and the second method (the first 
commented out one) will not authenticate. 

I am proposing the following updated version. I tested it with one of 
the release candidates (that is what I had on the box I was testing 
on---sorry--but it did have the updated auth code). The authentication 
problem was that auth didn't have a pam_unix.so. Also, I updated password 
to allow for a password change to be forced on expired passwords. I have 
not set up SMB authentication so I cannot speak to it from 
experience, but it would seem you will need an auth line for pam_smb_auth.so 
as well.

Brian Farrell

# Sample /etc/pam.d/sudo file for Linux
#   There are two basic ways to configure PAM, either via pam_stack
#   or by explicitly specifying the various methods to use.
# Here we use pam_stack
auth       required              pam_stack.so service=system-auth
account    required              pam_stack.so service=system-auth
password   required              pam_stack.so service=system-auth
session    required              pam_stack.so service=system-auth
# Alternately, you can specify the authentication method directly.
# Here we use pam_unix for normal password authentication.
#auth       required             /lib/security/pam_env.so
#auth       sufficient           /lib/security/pam_unix.so
#account    required             /lib/security/pam_unix.so
#password   required             /lib/security/$ISA/pam_cracklib.so retry=3 type=
#password   sufficient           /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
#session    required             /lib/security/pam_limits.so
#session    required             /lib/security/pam_unix.so
# Another option is to use SMB for authentication.
#auth       required             /lib/security/pam_env.so
#account    required             /lib/security/pam_smb_auth.so
#password   required             /lib/security/pam_smb_auth.so
#session    required             /lib/security/pam_limits.so

"Todd C. Miller" <Todd.Miller at courtesan.com>
Sent by: sudo-workers-bounces at courtesan.com
08/23/2004 01:40 PM

        To:     Markus Rennings <news at rennings.net>
        cc:     sudo-workers at sudo.ws
        Subject:        Re: [sudo-workers] ldap and password

Speaking of PAM, I think it is time to update the sample.pam file
that comes with sudo.  Can someone with PAM experience comment on
the following wrt. accuracy and sanity?

 - todd
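
A small linter for the two problems this thread touches on, added here as an example that is not part of the original messages or of sudo: an auth stack with no module that actually checks a credential (the SMB stanza as posted), and entries broken by mail line wrapping. The contents of NON_AUTHENTICATING and the sample strings are assumptions constructed for illustration; pam_stack targets and include directives are not followed.

```python
import re

TYPES = ("auth", "account", "password", "session")
# Assumption: these modules prepare the environment or resource limits and
# never decide whether a credential is valid.
NON_AUTHENTICATING = {"pam_env.so", "pam_limits.so"}
# type (optional leading '-'), control (word or [bracketed]), module, args
ENTRY = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse(text):
    """Split a /etc/pam.d/<service> file into entries and malformed lines."""
    entries, malformed = [], []
    text = text.replace("\\\n", " ")         # PAM joins backslash-continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = ENTRY.match(line)
        if m and m.group(1) in TYPES:
            module = m.group(3).rsplit("/", 1)[-1]
            entries.append((m.group(1), m.group(2), module, m.group(4)))
        else:
            malformed.append(line)
    return entries, malformed

def lint(text):
    """Return a list of findings for one PAM service file."""
    entries, malformed = parse(text)
    findings = [f"malformed line: {l!r}" for l in malformed]
    for t in TYPES:
        mods = [e[2] for e in entries if e[0] == t]
        if not mods:
            findings.append(f"no active {t} entries")
        elif t == "auth" and set(mods) <= NON_AUTHENTICATING:
            findings.append("auth stack has no module that checks a credential")
    return findings

# Constructed samples based on the stanzas in the post, with '#' removed.
STACKED = "\n".join(f"{t} required pam_stack.so service=system-auth" for t in TYPES)
SMB_AS_POSTED = """\
auth       required   /lib/security/pam_env.so
account    required   /lib/security/pam_smb_auth.so
password   required   /lib/security/pam_smb_auth.so
session    required   /lib/security/pam_limits.so
"""
WRAPPED = STACKED + "\npassword required /lib/security/$ISA/pam_cracklib.so\nretry=3 type=\n"

if __name__ == "__main__":
    for name, cfg in [("stacked", STACKED), ("smb", SMB_AS_POSTED), ("wrapped", WRAPPED)]:
        print(name, lint(cfg) or "ok")
```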
