Wuhai’s Weblog

January 23, 2009

RHEL4U6 and pam_ccreds

Filed under: Linux,RedHat — wuhai @ 2:10 pm

Refer to https://bugzilla.redhat.com/show_bug.cgi?id=478446

$ uname -m
x86_64
$ cat /etc/issue
Red Hat Enterprise Linux AS release 4 (Nahant Update 6)
Kernel \r on an \m

Here is a working version of the ‘system-auth’ file with pam_ccreds enabled:

auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so nullok
auth requisite /lib/security/$ISA/pam_succeed_if.so uid >= 500 quiet
auth [authinfo_unavail=ignore success=1 default=2] /lib/security/$ISA/pam_ldap.so use_first_pass
auth [success=done default=die] /lib/security/$ISA/pam_ccreds.so use_first_pass action=validate
auth [default=done] /lib/security/$ISA/pam_ccreds.so action=store
auth optional /lib/security/$ISA/pam_ccreds.so action=update
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 500 quiet
account [authinfo_unavail=ignore default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account required /lib/security/$ISA/pam_permit.so

password requisite /lib/security/$ISA/pam_cracklib.so try_first_pass retry=3
password sufficient /lib/security/$ISA/pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so

session optional /lib/security/$ISA/pam_keyinit.so revoke
session required /lib/security/$ISA/pam_limits.so
session [success=1 default=ignore] /lib/security/$ISA/pam_succeed_if.so service in crond quiet use_uid
session required /lib/security/$ISA/pam_unix.so
session required /lib/security/$ISA/pam_mkhomedir.so umask=0077 skel=/etc/skel
session optional /lib/security/$ISA/pam_ldap.so
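
To check which modules each login scenario actually reaches through the bracketed jump controls in the auth section above, here is an added example (not part of the original post) that models Linux-PAM's control dispatch in simplified form. The `parse` and `trace_auth` names and the per-module return codes are constructed assumptions for an LDAP-only account.

```python
# Added example: simplified model of Linux-PAM control-value dispatch,
# applied to the auth lines of the system-auth file in this post.
import re

AUTH_STACK = r"""
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so nullok
auth requisite /lib/security/$ISA/pam_succeed_if.so uid >= 500 quiet
auth [authinfo_unavail=ignore success=1 default=2] /lib/security/$ISA/pam_ldap.so use_first_pass
auth [success=done default=die] /lib/security/$ISA/pam_ccreds.so use_first_pass action=validate
auth [default=done] /lib/security/$ISA/pam_ccreds.so action=store
auth optional /lib/security/$ISA/pam_ccreds.so action=update
auth required /lib/security/$ISA/pam_deny.so
"""
# Bracket equivalents of the simple control keywords, per pam.conf(5).
KEYWORDS = {
    "required": {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite": {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional": {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}
# Constructed return codes for an LDAP-only account (assumption, not captured output).
BASE = {"pam_unix": "user_unknown", "pam_deny": "auth_err"}

def parse(stack):
    found = re.findall(r"auth\s+(\[[^\]]*\]|\S+)\s+\S*/(.*)", stack)
    return [(dict(kv.split("=") for kv in c[1:-1].split()) if c[0] == "[" else KEYWORDS[c], m)
            for c, m in found]

def trace_auth(scenario):
    """Return (modules run, final status); modules not named in scenario return success."""
    results, rules = {**BASE, **scenario}, parse(AUTH_STACK)
    status, impression, ran, i = "must_fail", None, [], 0
    while i < len(rules):
        table, module = rules[i]
        ret = next((r for key, r in results.items() if key in module), "success")
        act = table.get(ret, table.get("default", "bad"))
        ran.append(module)
        if act.isdigit():                      # jump: skip N modules, verdict unchanged
            i += int(act)
        elif act in ("ok", "done"):
            if impression is None or (impression == "+" and status == "success"):
                impression, status = "+", ret
        elif act in ("bad", "die") and impression != "-":
            impression, status = "-", ret
        if act == "die" or (act == "done" and impression == "+"):
            break
        i += 1
    return ran, status
```

Passing `{"pam_ldap": "authinfo_unavail"}` traces the offline path, which ends at the `action=validate` line; passing `{"pam_ldap": "auth_err"}` traces a rejected password with the server reachable, which skips both cache lines and falls through to pam_deny.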


1 Comment »

  1. Wuhai, check this out: https://fedorahosted.org/sssd/

    Cool stuff…

    Comment by Ldap and cached credentials — October 15, 2009 @ 6:51 pm | Reply

