Correct it does... and yes because of a problem with nsswitch it did just that to me.
ssh works now. Right now I am scratching my head about logging in with x-windows.

Ron

>>> <[EMAIL PROTECTED]> 10/27/05 7:38 PM >>>
I believe that openssh does getpwnam() and unless you have nss_ldap
configured or you have the user in /etc/passwd+shadow, or have nss
configured via some other means, sshd will consider the user 'invalid'
and fail.

I thought there was a config option that would relax this check, but I
can't find it... (I think I'm getting confused with the
LOCKED_PASSWD_PREFIX feature of sshd there...)

On Thu, 27 Oct 2005, Ron Croonenberg wrote:

> We do use ldap.
>
> However what confuses me is why the system-auth that I have works on
> every other linux machine I have.
> Basically those clients don't have any "local" accounts. we use
> ldap for account info and with this in "system-auth" (below) anyone with
> an afs account can login on that machine.
>
> *** system-auth , (auth section) ***
> auth required /lib/security/$ISA/pam_env.so
> auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
> auth sufficient /lib/security/$ISA/pam_afs.so use_first_pass
> auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
> auth required /lib/security/$ISA/pam_deny.so
>
> Ron
>
>>>> Derrick J Brashear <[EMAIL PROTECTED]> 10/27/05 2:31 PM >>>
> you need a local userid or something like nis or ldap. there's no issue
>
> Derrick
>
> On Thu, 27 Oct 2005, Ron Croonenberg wrote:
>
>> Hi Derrick,
>>
>> yes then it works. (and yes I use shadow)
>>
>> When the username is in /etc/passwd and the password is different than
>> the afs password it does get logged in, gets an afs token and gets
>> the uid homedirectory shell info etc from ldap.
>>
>> However, when I don't have a "local" userid, it doesn't work.
>>
>> (Sounds like it is not an OpenAFS issue, but there must be more people
>> that ran into that problem)
>>
>> Ron
>>
>>>>> Derrick J Brashear <[EMAIL PROTECTED]> 10/27/05 12:48 PM >>>
>> And the username in question is listed in /etc/passwd (and /etc/shadow
>> if you use shadow) right?
>>
>> On Thu, 27 Oct 2005, Ron Croonenberg wrote:
>>
>>> I am trying to debug pam logging in to afs.
>>>
>>> Before pam_afs and pam_unix are used sshd already complains that the
>>> user that I try to login with is an illegal user.
>>> (oort sshd[68250]: Illegal user cowboy from aaa.bbb.ccc.ddd)
>>>
>>> Does that mean that sshd is not aware that there are other accounts,
>>> OpenAFS accounts, than local accounts?
>>> If that's the case how do I make sshd afs aware?
>>>
>>> (on "other" linux machines I never ran into that problem)
>>>
>>> thanks,
>>>
>>> Ron
>>>
>>> _______________________________________________
>>> OpenAFS-info mailing list
>>> [email protected]
>>> https://lists.openafs.org/mailman/listinfo/openafs-info
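The lookup discussed in this thread (sshd resolving the user through getpwnam() and NSS before any PAM module runs), as an added diagnostic example that is not part of the original messages. The nsswitch.conf text, log lines and addresses are constructed samples, and the function names are hypothetical.

```python
import pwd
import re

# Constructed sample inputs (not taken from a real host).
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed)
passwd:     files
shadow:     files
group:      files ldap
"""
SAMPLE_AUTH_LOG = """\
Oct 27 12:40:01 oort sshd[68250]: Illegal user cowboy from 192.0.2.10
Oct 27 12:41:15 oort sshd[68301]: Invalid user alice from 192.0.2.11
Oct 27 12:42:30 oort sshd[68340]: Accepted password for ron from 192.0.2.12 port 4022 ssh2
"""

def passwd_sources(nsswitch_text):
    """Return the NSS sources on the 'passwd:' line, ignoring [action] items."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("passwd:"):
            return [t for t in line.split(":", 1)[1].split() if not t.startswith("[")]
    return []

def rejected_users(log_text):
    """Usernames sshd rejected as unknown (older 'Illegal', newer 'Invalid')."""
    return re.findall(r"sshd\[\d+\]: (?:Illegal|Invalid) user (\S+) from ", log_text)

def resolves(username):
    """True if getpwnam() finds the user through whatever NSS is configured."""
    try:
        pwd.getpwnam(username)
        return True
    except KeyError:
        return False

def diagnose(nsswitch_text, log_text):
    """Combine both checks: which sources serve passwd, which users still fail."""
    sources = passwd_sources(nsswitch_text)
    return {
        "passwd_sources": sources,
        "ldap_in_passwd": "ldap" in sources,
        "unresolvable": [u for u in rejected_users(log_text) if not resolves(u)],
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE_NSSWITCH, SAMPLE_AUTH_LOG))
```

A user who appears under "unresolvable" while "ldap_in_passwd" is false matches the situation in the thread: PAM is configured for LDAP/AFS, but NSS is not, so the account lookup fails first.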
