On 11/02/2011 11:11 AM, luxInteg wrote:
> On Saturday 22 October 2011 17:58:56 DJ Lucas wrote:
>>> Thanks for the random thoughts. AND more such would be most appreciated.
>>>
>>> sincerely
>>> luxInteg
>>
>> # Begin /etc/pam.d/system-auth
>>
>> auth sufficient pam_ldap.so
>> auth required pam_unix.so use_first_pass
>>
>> # End /etc/pam.d/system-auth
>>
>> In the example above, pam_ldap was checked first, it provided the
>> passing vote so to speak, in this case the success auth token is passed
>> to the required pam_unix module. The use_first_pass directive to
>> pam_unix allows it to use the information obtained from the previous
>> module in its own evaluation of the requirement. A simple example, but
>> one that works for the system I was speaking about last night. If pam_ldap
>> fails to auth, then using sufficient allows pam_unix to ignore the
>> previous one and fall back to /etc files (shadow).
>
> I have two iterations of openldap-2.4.23 (both on 64bit amd-based machines)
>
> --A- built with the configure script not mentioning bdb; but the
> openldap-2.4.23 sources compiled and generated a test file (with make
> test) of some 40k lines (2.1 Mbytes in size)
>
> --B- compiled with berkeley-db configured either as module or 'yes' and
> generated a (post-compiled) test file of ~100kbytes. 'make test' fails
> consistently on test-29 no matter if LDFLAGS is set or not set.
>

Any difference in the version of Berkeley DB? Is there an included DB
with OpenLDAP? What is the failure output? I don't have the time right
this second to build it.

> I have pam_ldap and nss_ldap as per the cblfs site.
> ( http://cblfs.cross-lfs.org/index.php/Pam_ldap ) installed
>
>
> As regards login
>
> --A allows login whatever the status of openldap
> --B only allows login if slapd is running it seems to ignore
> /etc/pam.d/system-auth settings?
>
>
> any suggestion
>

Unfortunately, it sounds like either a logic error in your PAM
configuration, or incorrect login binary. What does /etc/pam.d/login
contain on the failing system vs. the working system? Is it just the
default that is included in the book? Also, which login utility is being
used? There are three to choose from, you should be using the one from
Shadow after it was recompiled with PAM support. Any chance it was
overwritten by one of the other(s)?

-- DJ Lucas
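
One way to answer the "/etc/pam.d/login on the failing system vs. the working system" question in the message above: an added Python example (not part of the original message and not LFS tooling) that expands `include`, `substack` and `@include` so the effective auth stack of a service can be compared between hosts. The two sample trees, the names `host_a` and `host_b`, and the login file contents are constructed for illustration and are not taken from the poster's machines.

```python
import tempfile
import re
from pathlib import Path

# type, control (plain word or [bracketed]), module, optional args
RULE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def effective_stack(pam_dir, service, mgmt="auth", _seen=()):
    """Return [(control, module, args, source_file)] for one management type,
    expanding 'include'/'substack' controls and '@include' lines."""
    path = Path(pam_dir) / service
    if service in _seen:            # include loop: stop expanding
        return []
    if not path.is_file():
        return [("MISSING", service, "", service)]
    rules = []
    text = path.read_text().replace("\\\n", " ")    # join continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("@include"):
            rules += effective_stack(pam_dir, line.split()[1], mgmt, _seen + (service,))
            continue
        m = RULE.match(line)
        if not m or m.group(1).lstrip("-") != mgmt:
            continue
        control, module, args = m.group(2), m.group(3), m.group(4)
        if control in ("include", "substack"):
            rules += effective_stack(pam_dir, module, mgmt, _seen + (service,))
        else:
            rules.append((control, module, args, service))
    return rules

def sample_trees():
    """Constructed pam.d trees: host_a's login includes system-auth, host_b's does not."""
    system_auth = ("# Begin /etc/pam.d/system-auth\n"
                   "auth sufficient pam_ldap.so\n"
                   "auth required pam_unix.so use_first_pass\n")
    logins = {"host_a": "auth requisite pam_nologin.so\nauth include system-auth\n",
              "host_b": "auth requisite pam_nologin.so\nauth required pam_ldap.so\n"}
    trees = {}
    for host, login in logins.items():
        root = Path(tempfile.mkdtemp(prefix=host + "-"))
        (root / "system-auth").write_text(system_auth)
        (root / "login").write_text(login)
        trees[host] = root
    return trees

if __name__ == "__main__":
    for host, root in sample_trees().items():
        print(host, effective_stack(root, "login"))
```

Running `effective_stack("/etc/pam.d", "login")` on each machine and comparing the two lists shows whether the login service reaches system-auth at all; the last field of each rule names the file it came from.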