I'm trying to get authentication to RACF working (for Apache). I don't need login capability, I just need to verify the user/pass sent by clients, and I'm trying to do that with mod_auth_pam.
I've gotten mod_auth_pam to work with winbind (Windows NT domain) just fine, but not RACF yet. In the winbind case I had both auth and account lines in /etc/pam.d/httpd. Trying with LDAP, my /etc/pam.d/httpd is currently only

    auth required pam_ldap.so

but I suspect I'll also need an account line. But

My /etc/openldap/ldap.conf

    HOST tcse.tcs.timeinc.com
    BASE profiletype=USER,sysplex=TIMEPLEX
    pam_login_attribute racfid
    SASL_SECPROPS = none

The error I get is

    [error] access to /(path) for (ip), reason: User not known to the underlying authentication module

My user is AI00032, and ldapsearch works:

    ldapsearch -x -D "racfid=ai00032,profiletype=user,sysplex=TIMEPLEX" -W -b "racfid=ai00032,profiletype=user,sysplex=TIMEPLEX" "objectclass=*"
    Enter LDAP Password:
    version: 2

    #
    # filter: objectclass=*
    # requesting: ALL
    #

    # AI00032, USER, TIMEPLEX
    dn: racfid=AI00032,profiletype=USER,sysplex=TIMEPLEX
    objectclass: racfUser
    objectclass: racfBaseCommon
    objectclass: racfUserOmvsSegment
    racfid: AI00032
    racfprogrammername: JARBOE,DANIEL
    racfowner: racfid=TECHSUPT,profiletype=GROUP,sysplex=TIMEPLEX
    racfauthorizationdate: 01.347
    racfdefaultgroup: racfid=TECHSUPT,profiletype=GROUP,sysplex=TIMEPLEX
    racfpasswordchangedate: 03.134
    racfpasswordinterval: 30
    racfattributes: NONE
    racfrevokedate: NONE
    racfresumedate: NONE
    racflastaccess: 03.155/09:20:36
    racfclassname: NONE
    racfinstallationdata: NO-INSTALLATION-DATA
    racfdatasetmodel: NO-MODEL-NAME
    racflogondays: ANYDAY
    racflogontime: ANYTIME
    racfconnectgroupname: racfid=TECHSUPT,profiletype=GROUP,sysplex=TIMEPLEX
    (there's a bunch more of the above)
    racfsecuritylevel: NONE SPECIFIED
    racfsecuritycategorylist: NONE SPECIFIED
    racfsecuritylabel: NONE SPECIFIED
    racfomvsuid: 0000001044
    racfomvshome: /
    racfomvsinitialprogram: /bin/sh

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

Is PAM the wrong tool to do what I'm trying to do (authenticate against RACF without actually having accounts set up)?

Thanks for any tips,
~ Daniel
