Prev-20 Home Next-20 pam_ccreds - Disconnected LDAP \ Stephane Pointu (20 Nov 2007) 8 msg [OT] Grab info off the net 2 msg Packages not in portage 2 msg The generated cache was invalid... 14 msg I applied mkswap on root partition 2 msg Failed to allocate mem 7 msg memtest86+ taking too long 7 msg OT: Literature on Python 40 msg Is my hard drive sick? 6 msg Perl problem 2 msg LTSP 5 10 msg Building all packages except gcc 7 msg pygtk blocking pygobject 9 msg Kernel 2.6.22-r9 installation problems 3 msg /bin/sh -> dash? 3 msg (more about) portage issues and simple/basic ha... 1 msg Netfilter TRACE target? 1 msg Xserver errors while loading livecd 2007.0 ... 5 msg ALSA, speakers, volume, mute 1 msg gmailfs and gmail 2.0 Prev-20 Home Next-20

Prev-Msg Prev-Thread Gentoo-user Nov-2007 Next-Thread Next-Msg Subject: pam_ccreds - Disconnected LDAP Group: Gentoo-user From: Stephane Pointu Date: 20 Nov 2007 Hi all, I would like to use pam_ccreds to cache credentials for a user when the LDAP server is not available (using a laptop for example). I have installed pam_ccreds, nss_updatedb and nss-db, And run "nss_updatedb ldap" So the system has passwd and group info locally in /var/db/passwd.db and /var/db/group.db. I have checked that they really contain all records from the LDAP when disconnected. When connected, the LDAP authentication works fine, however the user cannot login when disconnected. I noticed that pam_ccreds does not cache the credentials locally. I checked this with cc_dump. Did anyone come across this problem? How can I do more debug on this? Below is how I've configured the laptop: /etc/nsswitch.conf passwd: files ldap [NOTFOUND=return] db shadow: files ldap group: files ldap [NOTFOUND=return] db /etc/pam.d/system-auth auth required pam_env.so auth [user_unknown=ignore default=done] pam_unix.so likeauth nullok shadow try_first_pass auth [authinfo_unavail=ignore success=1 default=2] pam_ldap.so try_first_pass auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update auth required pam_deny.so account [user_unknown=ignore default=done] pam_unix.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 100 account [authinfo_unavail=ignore default=done] pam_ldap.so account [default=done] pam_permit.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok try_first_pass password sufficient pam_ldap.so use_authtok use_first_pass password required pam_deny.so session required pam_limits.so session required pam_unix.so session required pam_mkhomedir.so skel=/etc/skel/ umask=0066 session optional pam_ldap.so Regards, Stephane Prev-Msg Prev-Thread Gentoo-user Nov-2007 Next-Thread Next-Msg

© 2004-2008 readlist.com