[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ossig] LDAP authentication

To: ossig@xxxxxxxxxxx
Subject: Re: [ossig] LDAP authentication
From: Gan Sze Kai <gansk@xxxxxxxxxxxxx>
Date: Wed, 10 Mar 2004 08:49:57 +0800
In-Reply-To: <200403100255.16606.hongyee@polyscientific.com.my>
References: <4016891A.13E26D5A@tm.net.my> <1078227260.1170.4.camel@hermione> <404C0CB2.4060401@sunway.edu.my> <200403100255.16606.hongyee@polyscientific.com.my>
Reply-To: ossig@xxxxxxxxxxx
Sender: owner-ossig@xxxxxxxxxxx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

Title:

I also notice this problem. For normal address book program like Netscape and Outlook, it won't generate too many request to the LDAP server. But when I do authenticated to some of the linux server ( I try on redhat 8), it will trigger the problem until the server "PIPE broken error" occur. I try to check on the connection protocol.

Seah Hong Yee wrote:

I seems to have this problem with client causing the server to produce errors 
like too many open files limit reach. Happens to some client but not all. 



On Monday 08 March 2004 2:03 pm, Gan Sze Kai wrote:

BINGO......
Now, my LDAP server is almost perfect. I had solve the pam problem. I
would like to share some of my experience with you.
**Assume that you know how to setup ldap server, nss_ldap.conf and
ldap.conf

1. Run authconfig to enable auth using LDAP.

2. Edit /etc/pam.d/login
#%PAM-1.0
auth       required     pam_securetty.so
auth       required     /lib/security/pam_nologin.so
auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_unix_auth.so use_first_pass
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_unix_acct.so
password   required     /lib/security/pam_cracklib.so
password   sufficient   /lib/security/pam_ldap.so
password   required     /lib/security/pam_unix_passwd.so use_first_pass
md5 shadow
session    required     /lib/security/pam_ldap.so
session    required     /lib/security/pam_unix_session.so

3. If the auth failed. Try to download pam_ldap.tar.gz from padl.com and
recompile it.

4. Next, you will need to create a home_dir for the user. Please don't
use "session    required     /lib/security/pam_mkhomedir.so
skel=/etc/skel umask=0022" in /etc/pam.d/system_auth,  because since
version 3.6 of SSH, a new security model, called privilege separation
used, while authentication a user, and pam_mkhomedir can not work with
privilege violataion. Please try to download make_home_dir-1.0.tar.gz
from http://www.trustsec.de/soft/oss/ to solve this problem.


Good Luck...

Cheers
Sze Kai


---------------------------------------------------------
To unsubscribe: send mail to ossig-request@mncc.com.my
with "unsubscribe ossig" in the body of the message



---------------------------------------------------------
To unsubscribe: send mail to ossig-request@mncc.com.my
with "unsubscribe ossig" in the body of the message

References:
- Re: [ossig] Sendmail + LDAP
  - From: Colin Charles
- [ossig] LDAP authentication
  - From: Gan Sze Kai
- Re: [ossig] LDAP authentication
  - From: Seah Hong Yee

Prev by Date: [ossig] The Roles of Open Source in Healthcare: Implications to IT andHealthcare Practitioners on the 18th March
Next by Date: Re: [ossig] LDAP authentication
Prev by thread: Re: [ossig] LDAP authentication
Next by thread: Re: [ossig] LDAP authentication
Index(es):
- Date
- Thread