bugzilla-daemon at mindrot.org
2003-Oct-09 22:34 UTC
[Bug 740] Sun's pam_ldap account management is not working
http://bugzilla.mindrot.org/show_bug.cgi?id=740
Summary: Sun's pam_ldap account management is not working
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: solovam at louisville.stortek.com
Tested on Solaris 8/9 with the latest pam_ldap from Sun.
When PAM account management functions are enabled with something like:
==other account required pam_ldap.so.1
==
in pam.conf no logins are possible.
Below is the pertaining section of the sshd run output with -ddd option:
==debug3: monitor_read: checking request 52
debug3: mm_answer_pam_free_ctx
debug3: mm_request_send entering: type 53
debug3: mm_do_pam_account entering
debug3: mm_request_send entering: type 44
debug3: mm_request_receive_expect entering: type 45
debug3: mm_request_receive entering
debug2: monitor_read: 52 used once, disabling now
debug3: mm_request_receive_expect entering: type 44
debug3: mm_request_receive entering
debug3: do_pam_account: pam_acct_mgmt = 9
debug3: mm_request_send entering: type 45
debug3: mm_do_pam_account returning 0
==
pam_acct_mgmt returns 9 (PAM_AUTH_ERR) even though the account is valid (not
expired, etc).
The same box works fine with the native Solaris 9 sshd, telnetd and other
services, so the account management DOES work and there is NO configuration
problems.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Oct-09 22:36 UTC
[Bug 740] Sun's pam_ldap account management is not working
http://bugzilla.mindrot.org/show_bug.cgi?id=740 ------- Additional Comments From solovam at louisville.stortek.com 2003-10-10 08:36 ------- Oh, yes, if the "account" part is disabled in the /etc/pam.conf, it is working fine. So, the authentication works, only the account management does not. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Reasonably Related Threads
- OpenSSH_4.3p2 fails to create a pty session
- sshd (openssh 3.7.1p1) dies during login on Solaris 8 system with SRM installed
- [Bug 740] Sun's pam_ldap account management is not working
- OpenSSH public key problem with Solaris 10 and LDAP users?
- kerberos + gssapi password change