[Cooker] kdm auth broken for non-local auth

Buchan Milne Wed, 08 Jan 2003 04:16:17 -0800

I logged out after I got kde3rc6 upgraded, and couldn't log back in.
We're using LDAP and pam_smb, the config is in /etc/pam.d/system-auth,
and kdm has been working since I started running cooker on this box. gdm
still works, and I haven't touched it's pam file.


I get this in auth.log

Jan  8 13:56:04 bgmilne kde3(pam_unix)[19894]: check pass; user unknown
Jan  8 13:56:04 bgmilne kde3(pam_unix)[19894]: authentication failure;
logname=
uid=0 euid=0 tty=:0 ruser= rhost=

[bgmilne:~]# cat /etc/pam.d/kde3
#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so

[bgmilne:~]# cat /etc/pam.d/system-auth
#%PAM-1.0

auth       required       /lib/security/pam_nologin.so
auth       required       /lib/security/pam_env.so
auth       sufficient     /lib/security/pam_ldap.so
auth       sufficient     /lib/security/pam_smb_auth.so use_first_pass
auth       sufficient     /lib/security/pam_unix.so likeauth nullok
try_first_pass
auth       required       /lib/security/pam_deny.so

account    sufficient     /lib/security/pam_ldap.so
account    sufficient     /lib/security/pam_unix.so
account    required       /lib/security/pam_deny.so

password   required       /lib/security/pam_cracklib.so retry=3 minlen=2
 dcredit=0  ucredit=0
password  sufficient      /lib/security/pam_ldap.so
password   sufficient     /lib/security/pam_unix.so nullok use_authtok
md5 shadow use_first_pass
password   required       /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     sufficient      /lib/security/pam_ldap.so
session     sufficient      /lib/security/pam_unix.so
session   required       /lib/security/pam_deny.so


I actually upgraded to rc6 to see what /etc/pam.d/kscreensaver3
contains, since it was *really* broken, and I previsouly had to change
it so I could unlock the screensaver.

This should be good enough for kscreensaver:
[bgmilne:~]# cat /etc/pam.d/xlock
#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth

and xscreensaver uses it too.


Is anyone else using non-local authentication (ie ldap, winbind,
kerberos) having problems with kdm?

-- 
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7

[Cooker] kdm auth broken for non-local auth

Reply via email to