Below you have the 4 different sections that need to be present. I know these work with Sun Java Enterprise Directory Server 5.2 and with Novell eDirectory. I have never tried OpenLDAP server. These entries are copied from a Solaris 10 /etc/pam.conf file modified according to the pam_ldap(5) manual page.
If you have any specific services that need "tailoring", you basically duplicate the 3 sections with lines starting with "other", replace "other " with the service name, and then alter as required.

login   auth requisite   pam_authtok_get.so.1
login   auth required    pam_dhkeys.so.1
login   auth required    pam_dial_auth.so.1
login   auth required    pam_unix_cred.so.1
login   auth binding     pam_unix_auth.so.1 server_policy
login   auth required    pam_ldap.so.1

other   auth requisite   pam_authtok_get.so.1
other   auth required    pam_dhkeys.so.1
other   auth required    pam_unix_cred.so.1
other   auth binding     pam_unix_auth.so.1 server_policy
other   auth required    pam_ldap.so.1

other   account requisite   pam_roles.so.1
other   account binding     pam_unix_account.so.1 server_policy
other   account required    pam_ldap.so.1

other   password required    pam_dhkeys.so.1
other   password requisite   pam_authtok_get.so.1
other   password requisite   pam_authtok_check.so.1
other   password required    pam_authtok_store.so.1 server_policy

Here is one example of a service tailored for LDAP: the SunRay dtlogin service. Note that it's got an "auth", an "account" and a "password" section.

dtlogin-SunRay session required   pam_unix_session.so.1

dtlogin-SunRay password required    pam_dhkeys.so.1
dtlogin-SunRay password requisite   pam_authtok_get.so.1
dtlogin-SunRay password requisite   pam_authtok_check.so.1
dtlogin-SunRay password required    pam_authtok_store.so.1 server_policy

dtlogin-SunRay auth sufficient   /opt/SUNWut/lib/pam_sunray.so
dtlogin-SunRay auth requisite    /opt/SUNWut/lib/sunray_get_user.so.1 property=username
dtlogin-SunRay auth required     /opt/SUNWut/lib/pam_sunray_amgh.so.1
dtlogin-SunRay auth requisite    /opt/SUNWut/lib/sunray_get_user.so.1 prompt
dtlogin-SunRay auth required     /opt/SUNWut/lib/pam_sunray_amgh.so.1 clearuser
dtlogin-SunRay auth requisite    pam_authtok_get.so.1
dtlogin-SunRay auth required     pam_dhkeys.so.1
dtlogin-SunRay auth required     pam_unix_cred.so.1
dtlogin-SunRay auth binding      pam_unix_auth.so.1 server_policy
dtlogin-SunRay auth required     pam_ldap.so.1

dtlogin-SunRay account sufficient   /opt/SUNWut/lib/pam_sunray.so
dtlogin-SunRay account requisite    pam_roles.so.1
dtlogin-SunRay account binding      pam_unix_account.so.1 server_policy
dtlogin-SunRay account required     pam_ldap.so.1

// Lars Tunkrans
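
An added example, not part of the original post: a small Python check that a pam.conf follows the pattern shown above, so a tailored service that was duplicated from "other" but lost its pam_ldap.so.1 line is caught before deployment. The service name "myservice" and the function names are hypothetical.

```python
# Constructed sample: the "other" entries are taken from the post; "myservice"
# is a hypothetical tailored service whose auth stack lost its pam_ldap line.
SAMPLE = """\
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth binding pam_unix_auth.so.1 server_policy
other auth required pam_ldap.so.1
other account requisite pam_roles.so.1
other account binding pam_unix_account.so.1 server_policy
other account required pam_ldap.so.1
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1 server_policy
myservice auth requisite pam_authtok_get.so.1
myservice auth binding pam_unix_auth.so.1 server_policy
myservice account binding pam_unix_account.so.1 server_policy
myservice account required pam_ldap.so.1
"""

def parse(text):
    """Return {service: {module_type: [(flag, module_basename, options)]}}."""
    stacks = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) >= 4:
            service, mtype, flag, module = fields[:4]
            entry = (flag, module.rsplit("/", 1)[-1], fields[4:])
            stacks.setdefault(service, {}).setdefault(mtype, []).append(entry)
    return stacks

def check(text):
    """List (service, module_type, problem) for stacks that depart from the post's
    pattern. Module types a service does not define are skipped, since those
    fall back to the "other" entries."""
    problems = []
    for service, stack in parse(text).items():
        for mtype, entries in stack.items():
            if mtype in ("auth", "account"):
                bind = [i for i, (f, m, o) in enumerate(entries)
                        if f == "binding" and m.startswith("pam_unix_") and "server_policy" in o]
                ldap = [i for i, (f, m, o) in enumerate(entries)
                        if f == "required" and m == "pam_ldap.so.1"]
                if not bind:
                    problems.append((service, mtype, "no binding pam_unix_* server_policy"))
                elif not ldap or ldap[-1] < bind[0]:
                    problems.append((service, mtype, "no required pam_ldap.so.1 after binding"))
            elif mtype == "password" and not any(
                    m == "pam_authtok_store.so.1" and "server_policy" in o for f, m, o in entries):
                problems.append((service, mtype, "no pam_authtok_store.so.1 server_policy"))
    return problems
```

Calling `check(open("/etc/pam.conf").read())` on a Solaris host returns an empty list when every defined auth, account and password stack matches the pattern.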
