[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Telnet and PAM

On Thu, 14 Sep 2000, Kelli Wolfe wrote:

> I've got some more information/weirdness on my Telnet problem.

> If I sit at the console, I can login with an LDAP only account
> that has a clear text password.  I cannot login with an LDAP
> account that has an encrypted password.  I also cannot login
> with an account that is in both the LDAP and the passwd files.
> I cannot telnet with any of the above accounts.  I can ssh with
> all of the accounts.

How do you have the PAM modules stacked in your /etc/pam.d/login file?
Since you're using nss_ldap, if you use pam_unix it will find a password
entry for all of your users -- but it will fail to authenticate users that are
in LDAP, since AFAIK nss_ldap won't return the password field.

> It seems like I'm having a couple of problems with 'login'.
> I am running RedHat 6.2, so from what I understand, telnet is
> actually running login.  Login doesn't seem to be recognizing
> the {crypt} attribute on the password.  And something is
> causing remote telnet logins to immediately log back out.
> Before I started adding LDAP to the authentication, telnet
> worked just fine.

Login should have no knowledge of the {crypt} attribute: this should all be
handled inside pam_ldap.  If pam_ldap handles this correctly for ssh, I don't
understand why it wouldn't handle it correctly for login.

Steve Langasek
postmodern programmer

> -----Original Message-----
> From: pam-list-admin@redhat.com [mailto:pam-list-admin@redhat.com]On
> Behalf Of Ben Collins
> Sent: Wednesday, September 13, 2000 12:30 PM
> To: pam-list@redhat.com
> Subject: Re: Telnet and PAM
> On Wed, Sep 13, 2000 at 09:04:10AM -0500, Kelli Wolfe wrote:
> > Hello,
> >
> > I've seen in the archives where people are using Telnet
> > and PAM together, how?  I have OpenSSH authenticating
> > against OpenLDAP with nss_ldap and pam_ldat, but every
> > time I try to telnet to the machine I get the error:
> > Connection closed by foreign host.  It appears in the
> > LDAP logs to authenticate properly, but then it just
> > dies.
> Sounds like something is getting a segv. Could be login (do console logins
> work?), or one of the *-ldap modules, or even PAM itself.
> --
>  -----------=======-=-======-=========-----------=====------------=-=------
> /  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
> `  bcollins@debian.org  --  bcollins@openldap.org  --  bcollins@linux.com  '
>  `---=========------=======-------------=-=-----=-===-======-------=--=---'
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []