Check this out.
[hack@asuka pam.d]$ sudo -u hfuller echo "testing"
Password:
testing
So I can run commands as an LDAP user hfuller, using sudo.
But!
[hack@asuka pam.d]$ su hfuller
Password:
[hack@asuka pam.d]$
If I try to su to the user, it doesn't work, and it doesn't even error out. And:
Jul 9 10:46:39 asuka su(pam_unix)[13051]: session opened for user
hfuller by (uid=0)
Jul 9 10:46:39 asuka su(pam_unix)[13051]: session closed for user hfuller
A session is opened for my user but then immediately closed. And this
is the error ssh throws:
Jul 9 11:59:18 asuka sshd2[13466]: Remote host disconnected:
Authentication method disabled. (user 'hfuller', client address '1
27.0.0.1:48784', requested service 'ssh-connection')
Jul 9 11:59:18 asuka sshd2[13466]: User authentication failed:
'Authentication method disabled. (user 'hfuller', client address
'127.0.0.1:48784', requested service 'ssh-connection')'
If I try to ssh to localhost using the login hfuller.
If you know stuff about LDAP logins you might be thinking "His LDAP is
broken when using PAM but not NSS."
But here is this test program I was given, that uses PAM libraries...
[hack@asuka pam.d]$ ~hack/check_user
login: hfuller
Password:
PAM said: Success
What?!
Any ideas? This is one of the most confusing problems I've ever had.
--
-hackmiester
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]