[rhn-users] problem connection in local with account root

Chandler Wilkerson chwilk at rice.edu
Tue Jul 22 12:29:49 UTC 2008


Good point; I also neglected to read carefully what was going on with  
the pam.d files. It looks like GanGan has overridden the default  
include of system-auth and set up sshd on its own with a few  
modifications like pam_mkhomedir and pam_group.

Okay, the actual pam line that seems to allow local auth is:

account     sufficient    pam_localuser.so

There is also a flag in the "password    sufficient    pam_unix.so"  
line, "try_first_pass" that may affect local users.

--
Chandler

On Jul 22, 2008, at 3:20 AM, Mertens, Bram wrote:

> Don't forget that using the system-config tools will overwrite any
> changes you made to the config files!
>
> Regards
>
> Bram
>
> -----Original Message-----
>> From: rhn-users-bounces at redhat.com
>> [mailto:rhn-users-bounces at redhat.com] On Behalf Of Chandler Wilkerson
>> Sent: Saturday 19 July 2008 22:40
>> To: Discussions about Red Hat Network (rhn.redhat.com)
>> Subject: Re: [rhn-users] problem connection in local with account  
>> root
>>
>> The easiest way is via the system-config-authentication tool. In the
>> options tab, select the option for "local authentication sufficient
>> for local accounts"
>>
>> --
>> Chandler Wilkerson
>> Rice University
>>
>> On Jul 17, 2008, at 10:36 AM, GanGan wrote:
>>
>>> hello all
>>>
>>> I have a problem connecting locally on my RHEL 5.1 server with the
>>> root account
>>>
>>> all the connections with ssh are good, root too
>>> I use ldap for the other accounts
>>> the root account is not in ldap
>>> my /etc/nsswitch.conf
>>> passwd:     files [SUCCESS=return] ldap
>>> shadow:     files [SUCCESS=return] ldap
>>> group:      files [SUCCESS=return] ldap
>>> when I delete ldap from my nsswitch.conf the local connection with the
>>> root account works well
>>> I have modified /etc/pam.d/sshd, no other files in /etc/pam.d/
>>> my /etc/pam.d/sshd
>>> auth        optional      pam_group.so
>>> auth        required      pam_env.so
>>> auth        sufficient    pam_unix.so likeauth
>>> auth        sufficient    pam_ldap.so use_first_pass
>>> auth        required      pam_deny.so
>>> auth        required      pam_warn.so
>>>
>>> account     sufficient    pam_unix.so
>>> account     sufficient    pam_ldap.so ignore_unknown_user
>>> account     required      pam_deny.so
>>> account     required      pam_warn.so
>>>
>>> password    required      pam_cracklib.so retry=2 minlen=8
>>> password    sufficient    pam_unix.so use_authok md5 shadow
>>> password    sufficient    pam_ldap.so use_authok
>>> password    required      pam_deny.so
>>> password    required      pam_warn.so
>>>
>>> session     optional      pam_mkhomedir.so skel=/etc/skel/ umask=077 silent
>>> session     required      pam_limits.so
>>> session     optional      pam_ldap.so ignore_unknown_user
>>> session     required      pam_warn.so
>>> could someone help me?
>>> - GanGan -
>>>
>>>
>>> _______________________________________________
>>> rhn-users mailing list
>>> rhn-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/rhn-users
>
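
An added example, not part of the original messages: a small Python check for the line the top reply identifies, `account sufficient pam_localuser.so`, reporting whether a pam.d file's account stack has it ahead of the directory-backed modules. The sample stacks, the `DIRECTORY_MODULES` set and the function names are constructed for illustration.

```python
import re

# Constructed sample: the account stack of the /etc/pam.d/sshd quoted in the thread.
QUOTED_SSHD = """\
account     sufficient    pam_unix.so
account     sufficient    pam_ldap.so ignore_unknown_user
account     required      pam_deny.so
account     required      pam_warn.so
"""
# Constructed sample: the same stack with the pam_localuser.so line placed first.
WITH_LOCALUSER = "account     sufficient    pam_localuser.so\n" + QUOTED_SSHD

# Assumption: modules treated here as directory-backed; extend for your site.
DIRECTORY_MODULES = {"pam_ldap.so", "pam_krb5.so", "pam_winbind.so"}

RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Return (type, control, module, args) tuples for each rule in a pam.d file."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        m = RULE.match(line)
        if m:
            ptype, control, module, args = m.groups()
            rules.append((ptype, control, module.rsplit("/", 1)[-1], args.split()))
    return rules

def localuser_status(text):
    """Classify the account stack: 'ok', 'missing', 'too-late', 'no-directory' or 'include'."""
    account = [r for r in parse_pam(text) if r[0] == "account"]
    if any(control in ("include", "substack") for _, control, _, _ in account):
        return "include"   # rules live in another file; check that file instead
    seen_directory = False
    for _, control, module, _ in account:
        if module in DIRECTORY_MODULES:
            seen_directory = True
        elif module == "pam_localuser.so" and control == "sufficient":
            return "too-late" if seen_directory else "ok"
    return "missing" if seen_directory else "no-directory"

if __name__ == "__main__":
    for name, sample in (("quoted sshd", QUOTED_SSHD), ("with pam_localuser", WITH_LOCALUSER)):
        print(f"{name}: {localuser_status(sample)}")
```

A result of `include` means the service file delegates its account rules (for example to system-auth), so the check should be run on the included file, which is also the file the system-config tools rewrite.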
