On Thu, 6 Jun 2002, Peter E. Abresch Jr. - at Pepco wrote:

> I am still trying to get PAM working with Computer Associates LDAP server.
> I want to authenticate Linux users against ACF2. Right now I am playing
> with just RLOGIN just to try to get something working. I am not having
> much luck. I am seeing the following in the Linux logs.
>
> Jun  6 10:31:47 ibm9672 in.rlogind[3902]: connect from 161.186.86.6
> (161.186.86.6)
> Jun  6 10:32:10 ibm9672 rlogind[3902]: unable to dlopen
> /usr/lib/sasl/libdigestmd5.so: /usr/lib/sasl/libdigestmd5.so: undefined
> symbol: des_key_sched
> Jun  6 10:32:10 ibm9672 rlogind[3902]: unable to dlopen
> /usr/lib/sasl/libgssapiv2.so: libgssapi.so.1: cannot load shared object
> file: No such file or directory
> Jun  6 10:32:10 ibm9672 pam_rhosts_auth[3902]: denied to
> [EMAIL PROTECTED] as x062pea: access not allowed
> Jun  6 10:32:10 ibm9672 in.rlogind[3902]: PAM authentication failed for
> in.rlogind
>
> I do not know what the 2 "unable to dlopen" messages mean nor how to
> correct it. I do not know if this is the cause of my problems or not.
>
> Also, if anyone can provide any pointers on using CA-ACF2 LDAP for
> password authentication, I will be much appreciative. Thanks to all.

I don't know exactly what is going on here, but maybe some of my
experiences might put you in the right direction.

Most ldap tools in Linux are based on the OpenLDAP project. And the
OpenLDAP project includes a couple of ways to authenticate yourself with
the ldap server. I'm going to explain it using ldapsearch, which is a good
tool to first test your connections and search filters.

The first way to authenticate yourself to the ldap server is using sasl,
and this is the default on openldap. You can see that the missing libs are
from the sasl package.
The problem is that, AFAIK, only OpenLDAP servers understand the sasl way
of authenticating.

Therefore for all other ldap servers you need to use the "simple"
authentication method. In ldapsearch you add the "-x" switch for this. Then
using other switches you can supply the necessary id's and passwords.

So maybe you can first try with ldapsearch how exactly you have to connect
to your ldap server. I also don't know the pam ldap modules so I can't
tell you how to configure those.

But still I hope that I was of help.

Regards,
Tim Verhoeven

--
===========================================================================
Tim Verhoeven
                                Linux & Open Source Specialist
GSM : 0496 / 693 453                          + e-business solutions
Email : [EMAIL PROTECTED]                           + consulting
URL : www.sin.khk.be/~dj/                     + Server consolidation
===========================================================================
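
Added example, not part of the original thread: a small shell wrapper for the "-x" ldapsearch test described in the reply above. Because a simple bind sends the password as-is, the wrapper requires ldaps:// or StartTLS. The host name, bind DN and search base in the usage line are placeholders (assumptions), and DRY_RUN is a variable of this example, not an ldapsearch feature.

```shell
#!/bin/sh
# Added example: test a simple (-x) bind with ldapsearch before configuring PAM.
# All server names and DNs used with this function are placeholders.

# ldap_bind_test URI BIND_DN BASE_DN [FILTER]
# With DRY_RUN=1 the command line is printed instead of executed.
ldap_bind_test() {
    uri=$1 bind_dn=$2 base_dn=$3 filter=${4:-'(objectClass=*)'}

    # -x    simple bind instead of the default SASL bind
    # -D    DN to bind as
    # -W    prompt for the password (keeps it out of argv and shell history)
    # -b/-s read only the base entry: enough to prove the bind works
    set -- -x -LLL -H "$uri" -D "$bind_dn" -W -b "$base_dn" -s base

    # Simple bind exposes the password on the wire unless TLS is in place:
    # ldaps:// is TLS from the start; for ldap:// add -ZZ so that the
    # operation fails unless StartTLS succeeds.
    case $uri in
        ldaps://*) ;;
        ldap://*)  set -- -ZZ "$@" ;;
        *) echo "unsupported URI: $uri" >&2; return 2 ;;
    esac

    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'ldapsearch'; printf ' %s' "$@" "$filter"; printf '\n'
        return 0
    fi
    ldapsearch "$@" "$filter"
}

# Usage (placeholder server and DNs):
#   ldap_bind_test ldap://ldap.example.com \
#       'uid=testuser,ou=people,dc=example,dc=com' 'dc=example,dc=com'
```

Once this bind succeeds from the Linux host, the same URI, bind DN and base are the values the PAM LDAP configuration will need.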
