Andy Speagle wrote:
> On Tue, 2009-08-25 at 11:28 -0500, Brandon Perkins wrote:
>> So, this doesn't look right to me, I'd expect something more along the
>> lines of:
>>
>> #%PAM-1.0
>> auth required pam_env.so
>> auth sufficient pam_ldap.so no_user_check
>> auth required pam_deny.so
>> account required pam_ldap.so no_user_check
>>
>> Notice the 'no_user_check's. My PAM is a bit rusty, so I don't recall
>> exactly what this does. But comparing against all known working
>> configurations against LDAP I see, this is the thing that stands out
>> for me. There is also the outside chance (that if this is a 64-bit box)
>> that the path to the library needs to be pre-pended with:
>>
>> /lib64/security/
>
> I can't imagine that this is necessary... since none of the other PAM
> config files include it... and it doesn't yell at me about them being
> missing.
>
>> So it's more like:
>>
>> #%PAM-1.0
>> auth required /lib64/security/pam_env.so
>> auth sufficient /lib64/security/pam_ldap.so no_user_check
>> auth required /lib64/security/pam_deny.so
>> account required /lib64/security/pam_ldap.so no_user_check
>
> When I use "no_user_check" in my config... I see the following error
> in /var/log/messages:
>
> Aug 25 11:36:20 apptest-507 java: illegal option no_user_check
>
>> You should also take a look at /var/log/tomcat/catalina.out when trying
>> to log into the Web interface with this user to see if there is anything
>> interesting being reported at the Satellite level.
>
> The tomcat error that came out of this was:
>
> # tail -n 0 -f /var/log/tomcat5/catalina.out
> 2009-08-25 11:34:27,291 [TP-Processor5] WARN com.redhat.rhn.domain.user.legacy.LegacyRhnUserImpl - PAM login for user User <myuser> (id 21, org_id 1) failed with error Authentication failure.
>
>> Good luck!
>> Brandon
>
> Thanks... any thoughts on where to go from here? I can't seem to get
> any verbose logging from PAM... despite appending "debug" to the
> pam_ldap.so lines.

Wow, you're starting to get me stumped! Next thing I'm curious about is
your version of jpam:

rpm -q --queryformat "%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n" jpam

Thanks.
Brandon

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list
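
One way to settle the module-path question raised in the thread (does every module a service file names exist in the directory the calling process loads from?), as an added example that is not part of the original messages. The function names, the `demo-service` file and the fake module trees are constructed for illustration; on a real host pass a file from /etc/pam.d and /lib64/security or /lib/security.

```sh
# Added example. Prints "TYPE MODULE" for each module named in a PAM service
# file that is absent from the given directories; exit status 1 if any are.
# Usage: pam_missing_modules SERVICE_FILE DIR...
pam_missing_modules() {
    file=$1; shift
    dirs=$*                                     # directory names without spaces
    missing=0
    while read -r type control rest || [ -n "$type" ]; do
        case $type in ''|'#'*) continue ;; esac        # blank line or comment
        case $control in
            include|substack) continue ;;       # names a service, not a module
            '['*']') ;;                         # one-word [value=action] control
            '['*) rest=${rest#*]} ;;            # multi-word [...]: skip past it
        esac
        set -f; set -- $rest; set +f            # word-split without globbing
        module=${1:-}
        [ -n "$module" ] || continue
        found=no
        case $module in
            /*) if [ -f "$module" ]; then found=yes; fi ;;     # absolute path
            *)  for d in $dirs; do                             # relative name
                    if [ -f "$d/$module" ]; then found=yes; fi
                done ;;
        esac
        if [ "$found" = no ]; then
            echo "$type $module"
            missing=$((missing + 1))
        fi
    done < "$file"
    [ "$missing" -eq 0 ]
}

# Constructed sample: the service file proposed in the thread, plus two fake
# module trees in which only the 32-bit one contains pam_ldap.so.
make_demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/lib/security" "$t/lib64/security"
    for m in pam_env.so pam_ldap.so pam_deny.so; do touch "$t/lib/security/$m"; done
    for m in pam_env.so pam_deny.so; do touch "$t/lib64/security/$m"; done
    printf '%s\n' '#%PAM-1.0' \
        'auth required pam_env.so' \
        'auth sufficient pam_ldap.so no_user_check' \
        'auth required pam_deny.so' \
        'account required pam_ldap.so no_user_check' > "$t/demo-service"
    echo "$t"
}

demo=$(make_demo_tree)
pam_missing_modules "$demo/demo-service" "$demo/lib64/security" || true
rm -rf "$demo"
```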