[sudo-workers] ldap and password
Brian L Farrell
blfarrell at ra.rockwell.com
Tue Aug 24 15:14:40 EDT 2004
Todd,
I did some quick testing on this and the second method (the first
commented-out one) will not authenticate.
I am proposing the following updated version. I tested it with one of
the release candidates (that is what I had on the box I was testing
on---sorry--but it did have the updated auth code). The authentication
problem was that auth didn't have a pam_unix.so. Also, updated password
to allow for password change to be forced on expired passwords. I have
not set up for the SMB authentication so I cannot speak to it from
experience but it would seem you will need an auth line for pam_smb_auth.so
as well.
Brian Farrell
#%PAM-1.0
# Sample /etc/pam.d/sudo file for Linux
# There are two basic ways to configure PAM, either via pam_stack
# or by explicitly specifying the various methods to use.
#
# Here we use pam_stack
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
#
# Alternately, you can specify the authentication method directly.
# Here we use pam_unix for normal password authentication.
#auth required /lib/security/pam_env.so
#auth sufficient /lib/security/pam_unix.so
#account required /lib/security/pam_unix.so
#password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
#password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
#session required /lib/security/pam_limits.so
#session required /lib/security/pam_unix.so
#
# Another option is to use SMB for authentication.
#auth required /lib/security/pam_env.so
#account required /lib/security/pam_smb_auth.so
#password required /lib/security/pam_smb_auth.so
#session required /lib/security/pam_limits.so
"Todd C. Miller" <Todd.Miller at courtesan.com>
Sent by: sudo-workers-bounces at courtesan.com
08/23/2004 01:40 PM
To: Markus Rennings <news at rennings.net>
cc: sudo-workers at sudo.ws
Subject: Re: [sudo-workers] ldap and password
Speaking of PAM, I think it is time to update the sample.pam file
that comes with sudo. Can someone with PAM experience comment on
the following wrt. accuracy and sanity?
- todd
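
An added example (not part of the original thread or of sudo's distribution): a small Python check for the two problems that come up with this sample file, an auth stack that contains no credential-verifying module and a rule whose arguments have been split onto a separate line without a continuation backslash. The HELPERS set and the sample inputs are assumptions constructed for illustration.

```python
import os
import re

FACILITIES = ("auth", "account", "password", "session")
# Assumption: modules that prepare the session but never check a credential.
# Illustrative, not exhaustive.
HELPERS = {"pam_env.so", "pam_limits.so"}
# type, control (word or [bracketed list]), module path, optional arguments
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def lint(text):
    """Return a list of findings for the text of one /etc/pam.d service file."""
    findings, modules = [], {f: [] for f in FACILITIES}
    # A trailing backslash continues a rule onto the next line.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m or m.group(1) not in FACILITIES:
            findings.append(f"malformed rule: {line!r}")
            continue
        modules[m.group(1)].append(os.path.basename(m.group(3)))
    for facility in FACILITIES:
        if not modules[facility]:
            findings.append(f"{facility}: no active rule")
        elif facility == "auth" and set(modules["auth"]) <= HELPERS:
            findings.append("auth: no module that verifies a credential")
    return findings

# Constructed inputs: blocks from the sample file with the leading '#' removed.
SMB_VARIANT = """\
auth required /lib/security/pam_env.so
account required /lib/security/pam_smb_auth.so
password required /lib/security/pam_smb_auth.so
session required /lib/security/pam_limits.so
"""
WRAPPED_RULE = """\
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so
account required /lib/security/pam_unix.so
password required /lib/security/$ISA/pam_cracklib.so
retry=3 type=
session required /lib/security/pam_unix.so
"""

if __name__ == "__main__":
    for name, sample in (("smb", SMB_VARIANT), ("wrapped", WRAPPED_RULE)):
        print(name, lint(sample))
```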