[rhn-users] problem connection in local with account root
Chandler Wilkerson
chwilk at rice.edu
Tue Jul 22 12:29:49 UTC 2008
Good point; I also neglected to read carefully what was going on with
the pam.d files. It looks like GanGan has overridden the default
include of system-auth and set up sshd on its own with a few
modifications like pam_mkhomedir and pam_group.
Okay, the actual pam line that seems to allow local auth is:
account sufficient pam_localuser.so
There is also a flag in the "password sufficient pam_unix.so"
line, "try_first_pass" that may affect local users.
--
Chandler
On Jul 22, 2008, at 3:20 AM, Mertens, Bram wrote:
> Don't forget that using the system-config tools will overwrite any
> changes you made to the config files!
>
> Regards
>
> Bram
>
>>
>
>
> Mazda Motor Logistics Europe NV, Blaasveldstraat 162, B-2830
> Willebroek
> VAT BE 406.024.281, RPR Mechelen, ING 310-0092504-52, IBAN : BE64
> 3100 0925 0452, SWIFT : BBRUBEBB
>
> -----Original Message-----
>> From: rhn-users-bounces at redhat.com
>> [mailto:rhn-users-bounces at redhat.com] On Behalf Of Chandler Wilkerson
>> Sent: zaterdag 19 juli 2008 22:40
>> To: Discussions about Red Hat Network (rhn.redhat.com)
>> Subject: Re: [rhn-users] problem connection in local with account
>> root
>>
>> The easiest way is via the system-config-authentication tool. In the
>> options tab, select the option for "local authentication sufficient
>> for local accounts"
>>
>> --
>> Chandler Wilkerson
>> Rice University
>>
>> On Jul 17, 2008, at 10:36 AM, GanGan wrote:
>>
>>> hello all
>>>
>>> I have problem for connect in local in my server rhel 5.1with the
>>> root account
>>>
>>> all the connection with ssh are good, root too
>>> I use ldap for other account
>>> the root account is not in ldap
>>> my /etc/nsswitch.conf
>>> passwd: files [SUCCESS=return] ldap
>>> shadow: files [SUCCESS=return] ldap
>>> group: files [SUCCESS=return] ldap
>>> when I delete ldap in my nsswitch.conf the connection local
>> with the
>>> root account works well
>>> I have modified /etc/pam.d/sshd no other files in /etc/pam.d/
>>> my /etc/pam.d/sshd
>>> auth optional pam_group.so
>>> auth required pam_env.so
>>> auth sufficient pam_unix.so likeauth
>>> auth sufficient pam_ldap.so use_first_pass
>>> auth required pam_deny.so
>>> auth required pam_warn.so
>>>
>>> account sufficient pam_unix.so
>>> account sufficient pam_ldap.so ignore_unknown_user
>>> account required pam_deny.so
>>> account required pam_warn.so
>>>
>>> password required pam_cracklib.so retry=2 minlen=8
>>> password sufficient pam_unix.so use_authok md5 shadow
>>> password sufficient pam_ldap.so use_authok
>>> password required pam_deny.so
>>> password required pam_warn.so
>>>
>>> session optional pam_mkhomedir.so skel=/etc/skel/
>> umask=077
>>> silent
>>> session required pam_limits.so
>>> session optional pam_ldap.so ignore_unknown_user
>>> session required pam_warn.so
>>> someone could help me
>>> - GanGan -
>>>
>>>
>>> _______________________________________________
>>> rhn-users mailing list
>>> rhn-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/rhn-users
>>>
>>> !DSPAM:3857,487f6710293721101591305!
>>
>> _______________________________________________
>> rhn-users mailing list
>> rhn-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/rhn-users
>>
>
> _______________________________________________
> rhn-users mailing list
> rhn-users at redhat.com
> https://www.redhat.com/mailman/listinfo/rhn-users
>
> !DSPAM:3857,48859882306557719314360!
>
>
More information about the rhn-users
mailing list