Re: [SunRay-Users] Sun Ray authentication with LDAP

Alex Brulo Fri, 30 Jul 2010 02:49:21 -0700

Sorry Michel

I'd must have missed a post or two  and thought you were using VDI
and not native sessions.


I attach my pam.conf for Solaris 10
which works with JDS, Sun Ray clients against OpenLDAP

A 


 
=======================================
Alex Brulo
Senior Server Engineer (HPC)
Information Systems Aston (ISA)
Aston University, Aston Triangle,
Birmingham, B4 7ET 
Tel: 0121 204 3673
ISA "Aiming for Excellence in ICT Services" 
=======================================
Please consider the environment before printing this e-mail
=======================================

#
#ident  "@(#)pam.conf   1.31    07/12/07 SMI"
#
# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# PAM configuration
#
# Unless explicitly defined, all services use the modules
# defined in the "other" section.
#
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login   auth requisite          pam_authtok_get.so.1
#login  auth required           pam_dhkeys.so.1
login   auth sufficient         pam_ldap.so.1 
login   auth required           pam_unix_cred.so.1 
login   auth required           pam_unix_auth.so.1
login   auth required           pam_dial_auth.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin  auth sufficient         pam_ldap.so.1
rlogin  auth sufficient         pam_rhosts_auth.so.1
rlogin  auth requisite          pam_authtok_get.so.1
rlogin  auth required           pam_dhkeys.so.1
rlogin  auth required           pam_unix_cred.so.1
rlogin  auth required           pam_unix_auth.so.1
#
# Kerberized rlogin service
#
#krlogin        auth required           pam_unix_cred.so.1
#krlogin        auth required           pam_krb5.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
ssh     auth sufficient         pam_ldap.so.1  
rsh     auth sufficient         pam_rhosts_auth.so.1
rsh     auth required           pam_unix_cred.so.1
#
# Kerberized rsh service
#
#krsh   auth required           pam_unix_cred.so.1
#krsh   auth required           pam_krb5.so.1
#
# Kerberized telnet service
#
#ktelnet        auth required           pam_unix_cred.so.1
#ktelnet        auth required           pam_krb5.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
#ppp    auth requisite          pam_authtok_get.so.1
#ppp    auth required           pam_dhkeys.so.1
#ppp    auth required           pam_unix_cred.so.1
#ppp    auth required           pam_unix_auth.so.1
#ppp    auth required           pam_dial_auth.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other   auth requisite          pam_authtok_get.so.1
other   auth sufficient         pam_ldap.so.1
other   auth required           pam_dhkeys.so.1
other   auth required           pam_unix_cred.so.1
other   auth required           pam_unix_auth.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd  auth sufficient         pam_ldap.so.1
passwd  auth required           pam_passwd_auth.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron    account required        pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other   account requisite       pam_roles.so.1
other   account required        pam_unix_account.so.1
other   account sufficient      pam_ldap.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other   session required        pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other   password required       pam_dhkeys.so.1
other   password requisite      pam_authtok_get.so.1
other   password requisite      pam_authtok_check.so.1
other   password required       pam_authtok_store.so.1
#
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#
# BEGIN: added to xscreensaver by SunRay Server Software -- xscreensaver
xscreensaver auth sufficient /opt/SUNWut/lib/pam_sunray.so syncondisplay
xscreensaver auth requisite pam_authtok_get.so.1 
xscreensaver auth sufficient pam_ldap.so.1 
xscreensaver auth required pam_dhkeys.so.1 
xscreensaver auth required pam_unix_cred.so.1 
xscreensaver auth required pam_unix_auth.so.1 
xscreensaver account sufficient /opt/SUNWut/lib/pam_sunray.so 
xscreensaver account requisite pam_roles.so.1 
xscreensaver account required pam_unix_account.so.1 
xscreensaver account sufficient pam_ldap.so.1 
# BEGIN: added to dtlogin-SunRay by SunRay Server Software -- dtlogin-SunRay
dtlogin-SunRay password required pam_dhkeys.so.1 
dtlogin-SunRay password requisite pam_authtok_get.so.1 
dtlogin-SunRay password requisite pam_authtok_check.so.1 
dtlogin-SunRay password required pam_authtok_store.so.1 
dtlogin-SunRay auth requisite /opt/SUNWut/lib/pam_sunray_hotdesk.so.1 
dtlogin-SunRay auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 
property=username
dtlogin-SunRay auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1 
dtlogin-SunRay auth sufficient /opt/SUNWkio/lib/pam_kiosk.so.1 log=user 
ignoreuser
dtlogin-SunRay auth requisite /opt/SUNWkio/lib/pam_kiosk.so.1 log=user
dtlogin-SunRay auth sufficient /opt/SUNWut/lib/pam_sunray.so 
dtlogin-SunRay auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 prompt
dtlogin-SunRay auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1 clearuser
dtlogin-SunRay auth requisite pam_authtok_get.so.1 
dtlogin-SunRay auth sufficient pam_ldap.so.1 
dtlogin-SunRay auth required pam_dhkeys.so.1 
dtlogin-SunRay auth required pam_unix_cred.so.1 
dtlogin-SunRay auth required pam_unix_auth.so.1 
dtlogin-SunRay account sufficient /opt/SUNWkio/lib/pam_kiosk.so.1 log=user
dtlogin-SunRay account sufficient /opt/SUNWut/lib/pam_sunray.so 
dtlogin-SunRay account requisite pam_roles.so.1 
dtlogin-SunRay account required pam_unix_account.so.1 
dtlogin-SunRay account sufficient pam_ldap.so.1 
dtlogin-SunRay session requisite /opt/SUNWut/lib/pam_sunray_hotdesk.so.1 
dtlogin-SunRay session required /opt/SUNWkio/lib/pam_kiosk.so.1 log=user
dtlogin-SunRay session required pam_unix_session.so.1 
# BEGIN: added to dtsession-SunRay by SunRay Server Software -- dtsession-SunRay
dtsession-SunRay account sufficient /opt/SUNWut/lib/pam_sunray.so 
dtsession-SunRay account requisite pam_roles.so.1 
dtsession-SunRay account required pam_unix_account.so.1 
dtsession-SunRay account sufficient pam_ldap.so.1 
dtsession-SunRay session required pam_unix_session.so.1 
dtsession-SunRay password required pam_dhkeys.so.1 
dtsession-SunRay password requisite pam_authtok_get.so.1 
dtsession-SunRay password requisite pam_authtok_check.so.1 
dtsession-SunRay password required pam_authtok_store.so.1 
dtsession-SunRay auth sufficient /opt/SUNWut/lib/pam_sunray.so syncondisplay
dtsession-SunRay auth requisite pam_authtok_get.so.1 
dtsession-SunRay auth sufficient pam_ldap.so.1 
dtsession-SunRay auth required pam_dhkeys.so.1 
dtsession-SunRay auth required pam_unix_cred.so.1 
dtsession-SunRay auth required pam_unix_auth.so.1 
# BEGIN: added to utnsclogin by SunRay Server Software -- utnsclogin
utnsclogin account requisite pam_roles.so.1 
utnsclogin account required pam_unix_account.so.1 
utnsclogin account sufficient pam_ldap.so.1 
utnsclogin session required pam_unix_session.so.1 
utnsclogin password required pam_dhkeys.so.1 
utnsclogin password requisite pam_authtok_get.so.1 
utnsclogin password requisite pam_authtok_check.so.1 
utnsclogin password required pam_authtok_store.so.1 
utnsclogin auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 property=username
utnsclogin auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1 
utnsclogin auth requisite pam_authtok_get.so.1 
utnsclogin auth sufficient pam_ldap.so.1 
utnsclogin auth required pam_dhkeys.so.1 
utnsclogin auth required pam_unix_cred.so.1 
utnsclogin auth required pam_unix_auth.so.1 
# BEGIN: added to utadmingui by SunRay Server Software -- utadmingui
# utadmingui auth sufficient /opt/SUNWut/lib/pam_sunray_admingui.so.1 
# BEGIN: added to utgulogin by SunRay Server Software -- utgulogin
utgulogin auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 property=username
utgulogin auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 
token=auth,JavaBadge
utgulogin auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1 
utgulogin auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 prompt
utgulogin auth required /opt/SUNWut/lib/pam_sunray_amgh.so.1 
# BEGIN: added to uthotdesk by SunRay Server Software -- uthotdesk
uthotdesk account requisite pam_roles.so.1 
uthotdesk account required pam_unix_account.so.1 
uthotdesk account sufficient pam_ldap.so.1

_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users

Re: [SunRay-Users] Sun Ray authentication with LDAP

Reply via email to