http://qa.mandrakesoft.com/show_bug.cgi?id=4082
[EMAIL PROTECTED] changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Ever Confirmed| |1
------- Additional Comments From [EMAIL PROTECTED] 2003-06-07 21:41 -------
Confirmed with a new 9.1 install upgraded to cooker. Having pam_unix after pam_ldap
results in
a segfault when using su to change from a LDAP user to a non-LDAP user (ie. changing
from
vdanen (in LDAP) to root). su'ing from a local user to a LDAP user still works.
Making the noted changes corrects the behaviour and su works both ways.
--
Configure bugmail: http://qa.mandrakesoft.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
------- Reminder: -------
assigned_to: [EMAIL PROTECTED]
status: NEW
creation_date:
description:
In the LDAP authentication setup in DrakX on 9.1, there are two small errors in
the LDAP configuration
1)pam_filter objectclass=account is used in /etc/ldap.conf, whereas
objectclass=posixAccont should be used (objectclass account is deprecated, and
not added by some tools even when openldap-2.0.x will allow it).
See:
http://www.mandrakesecure.net/en/docs/ldap-auth2.php#configclient
for an example config
2)pam_ldap listed before pam_unix in auth section of /etc/pam.d/system-auth.
This causes su to segfault for users in LDAP (among other things). pan_unix
should be listed first, then pam_ldap.
See
http://www.mandrakesecure.net/en/docs/ldap-auth2.php#pam
for an example config
