PAM troubleshooting
redhat at buglecreek.com
Thu Mar 30 16:58:09 UTC 2006
I am trying to troubleshoot what appears to be a PAM issue with LDAP
authentication. I can authenticate fine with ldap, but when I try to su
- I get an access denied with nothing logged in any of the log files.
This seems to happen when the "pam_check_host_attr" is on in the
ldap.conf file. The only way I can get around this is to change
"required" to "sufficient" in the account section of
/etc/pam.d/system-auth for the pam_unix module (/etc/pam.d/su uses
system-auth). This is required on some systems and on identically
configured systems it is not. I would like to enable debugging for pam.
I have tried to add the debug option to the end of the pam_unix and
pam_ldap modules, but I don't seem to see any more syslog output than
when it was not there. I also added the following line to syslog.conf:
" *.debug,authpriv.* /var/log/mydebug"
I even tried "*.* /var/log/mydebug" with no increase in pam logging.
Is something else required to get pam debug messages?
Thanks
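
Added example, not part of the original post: a simplified model of Linux-PAM control-flag evaluation showing what changing pam_unix from "required" to "sufficient" does to an account stack. The stack contents, the module order (pam_unix before pam_ldap) and the assumption that pam_ldap is the module returning the denial are all assumptions; the poster's real system-auth is not shown.

```python
# Simplified model of how Linux-PAM walks one stack (here: account).
# Stacks and module results below are constructed for illustration.
STACK_REQUIRED = [("required", "pam_unix"), ("required", "pam_ldap")]
STACK_SUFFICIENT = [("sufficient", "pam_unix"), ("required", "pam_ldap")]


def evaluate(stack, results):
    """Return (granted, modules_run).

    results maps module name -> True (PAM_SUCCESS) or False (any failure).
    """
    failed = False      # a required module has failed
    succeeded = False   # a required or requisite module has succeeded
    ran = []
    for control, module in stack:
        ok = results[module]
        ran.append(module)
        if control == "requisite":
            if not ok:
                return False, ran        # fail immediately
            succeeded = True
        elif control == "required":
            if ok:
                succeeded = True
            else:
                failed = True            # keep going, deny at the end
        elif control == "sufficient":
            if ok and not failed:
                return True, ran         # stop: later modules never run
            # a failing "sufficient" module is ignored
        # "optional" results are ignored in this model
    return succeeded and not failed, ran


if __name__ == "__main__":
    # Assumed case: local check passes, pam_ldap rejects the host.
    results = {"pam_unix": True, "pam_ldap": False}
    for name, stack in (("required", STACK_REQUIRED),
                        ("sufficient", STACK_SUFFICIENT)):
        granted, ran = evaluate(stack, results)
        print(f"pam_unix {name}: granted={granted} ran={ran}")
```

Under these assumptions the "sufficient" variant grants access without pam_ldap's account check ever running, so a host restriction enforced there is bypassed rather than satisfied.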
More information about the Redhat-install-list
mailing list