11-08-2010, 08:10 PM
pam_ldap login under CentOS

Hello List

I am attempting to setup various pam modules to consult our new LDAP
services in order to do what it needs to do.

I have set up my /etc/pam.d sudo file (for example) this way in the
attempt to accomplish this via LDAP:

[root@VIRCENT03:~]#cat /etc/pam.d/sudo
auth include system-auth
auth required pam_ldap.so
account include system-auth
account required pam_ldap.so
password include system-auth
password required pam_ldap.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session required pam_ldap.so

but even though the user is part of the %wheel group under LDAP it is
unable to sudo to any other account (including root). If I try to sudo,
this is what happens:

[bluethundr@VIRCENT03:~]#sudo bash
[sudo] password for bluethundr:
bluethundr is not in the sudoers file. This incident will be reported.

It would appear that sudo support for ldap is compiled in:

[root@VIRCENT03:~]#ldd $(which sudo)| grep -i ldap
libldap-2.3.so.0 => /usr/lib/libldap-2.3.so.0 (0x00552000)

This is how I set up my ldap.conf file:

[root@VIRCENT03:~]#cat /etc/openldap/ldap.conf
# LDAP Defaults

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#DEREF never
URI ldap://ldap.acadaca.net/
BASE dc=acadaca,dc=net
TLS_CACERTDIR /etc/openldap/cacerts
sudoers_base ou=sudoers,ou=Services,dc=acadaca,dc=net

In my openldap logs on the LDAP server there appears to be no activity
when I sudo. However, in the secure logs on the client I do:

Nov 8 16:05:34 VIRCENT03 su: pam_unix(su-l:session): session opened for user root by bluethundr(uid=500)
Nov 8 16:05:37 VIRCENT03 su: pam_unix(su-l:session): session opened for user bluethundr by bluethundr(uid=0)
Nov 8 16:05:44 VIRCENT03 sudo: bluethundr : user NOT in sudoers ; TTY=pts/5 ; PWD=/home/bluethundr ; USER=root ; COMMAND=/bin/bash

I do see other events in secure.log that appear to be pam successes,
however. Am I interpreting this correctly that at least part of the
system is communicating with pam on the ldap server?


Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9

Share and enjoy!!
CentOS mailing list
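As an added example (not from the post or the CentOS list), a small Python parser for the sudo entries of /var/log/secure as shown above: it picks out sudo's own policy denials ("user NOT in sudoers", which sudoers evaluation logs after PAM has already run) and keeps them apart from the pam_unix session lines, which is the distinction the log excerpt turns on. The sample log is constructed from the excerpt, with one made-up permitted invocation added for contrast.

```python
import re
from typing import Optional

# Constructed sample input, modelled on the /var/log/secure excerpt in the post;
# the fourth line is a made-up permitted sudo so both outcomes are present.
SAMPLE_LOG = """\
Nov 8 16:05:34 VIRCENT03 su: pam_unix(su-l:session): session opened for user root by bluethundr(uid=500)
Nov 8 16:05:37 VIRCENT03 su: pam_unix(su-l:session): session opened for user bluethundr by bluethundr(uid=0)
Nov 8 16:05:44 VIRCENT03 sudo: bluethundr : user NOT in sudoers ; TTY=pts/5 ; PWD=/home/bluethundr ; USER=root ; COMMAND=/bin/bash
Nov 8 16:06:02 VIRCENT03 sudo: alice : TTY=pts/2 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
"""

# syslog timestamp, host, "sudo:", invoking user, an optional free-text reason
# (which never contains "="), then the " ; "-separated KEY=value fields.
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) sudo: (?P<user>\S+) : "
    r"(?:(?P<reason>[^;=]+) ; )?(?P<fields>.*)$"
)


def parse_sudo_line(line: str) -> Optional[dict]:
    """Return a dict for a sudo policy log line, or None for any other line."""
    m = SUDO_RE.match(line)
    if m is None:
        return None  # pam_unix session lines, su, etc. are not sudo policy events
    event = {"ts": m.group("ts"), "host": m.group("host"),
             "user": m.group("user"), "reason": m.group("reason"), "fields": {}}
    # "user NOT in sudoers" is the sudoers policy decision; PAM authentication
    # has already completed by the time sudo logs it, so it is not a PAM failure.
    event["denied"] = event["reason"] is not None and "NOT in sudoers" in event["reason"]
    for kv in m.group("fields").split(" ; "):
        key, _, value = kv.partition("=")
        if value:
            event["fields"][key] = value  # TTY, PWD, USER (target), COMMAND
    return event


def denied_sudo_attempts(log_text: str) -> list:
    """All sudo invocations the policy refused, in log order."""
    return [e for e in (parse_sudo_line(l) for l in log_text.splitlines())
            if e is not None and e["denied"]]


if __name__ == "__main__":
    for ev in denied_sudo_attempts(SAMPLE_LOG):
        f = ev["fields"]
        print(f"{ev['ts']} {ev['host']}: {ev['user']} denied {f['COMMAND']} as {f['USER']}")
```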
