openssh bugs - Nov 2003 - [Bug 740] Sun's pam_ldap account management is not working

http://bugzilla.mindrot.org/show_bug.cgi?id=740





------- Additional Comments From dtucker at zip.com.au  2003-11-19 23:20 -------
According to the man page, pam_ldap doesn't support account management.

$ man pam_ldap
[snip]
     The  pam_ldap.so.1  module  supports  two  components:   the
     Authentication  component  and  the Password management com-
     ponent.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=740





------- Additional Comments From solovam at louisville.stortek.com  2003-11-20
09:26 -------
Account management most definitely works with pam_ldap. Please see native telnet
and natiive Solaris 9 ssh. The man pages ol Solaris are outdated and do not get
updates with patches. 



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=740





------- Additional Comments From dtucker at zip.com.au  2003-11-20 17:52 -------
Created an attachment (id=504)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=504&action=view)
Call do_pam_account and pam_chauthtok() from authentication thread.

Looking at this, my guess is that pam_ldap dislikes being called from a
different process than the one that called pam_authenticate.

Please try this patch, which calls do_pam_account from the authentication
thread.

It still fails on my system but that seems to be only because I don't have
LDAP
set up:
testsshd[23488]: libsldap: Status: 2  Mesg: Unable to load configuration
'/var/ldap/ldap_client_file'



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.