The user not known issue was caused by pam_ldap accepting capital
letters in usernames while pam-ccreds doesn't. So Nick's suggestion does
seem to solve the problem.
Also IMO common-auth pam-ccreds should be above pam_ldap. Otherwise a
user not on the network will have to wait for the timeout
David, the disadvantage of placing pam_ccred before pam_ldap in the
stack is that the password will be validated first against the local
cache. If it have just been updated, the old one will still work for a
little while, which is not good in most circumstance.
--
You received this bug
Still failing in Lucid. Nick's suggestion gets rid of the authentication
error, but in my case I still get user not known to underlying
authentication module. Anyone have this working on Lucid?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
The common-account created by pam-auth-update when configuring for
cached credentials is failing on my stock Ubuntu Maverick 10.10 install.
The common-account created by pam-auth-update is:
# here are the per-package modules (the Primary block)
account [success=2 new_authtok_reqd=done
I would like to see this backported to lucid because I had to use auth-
client-config to configure libpam-ccreds and I got lots of problems with
pam-auth-update overwriting the common-* files each time a new pam
module gets installed.
--
not clear how to configure with pam-auth-update
Marking Fix Released in Maverick since libpam-ccreds supports pam-auth-
update since 10-3 and maverick has 10-5.
** Changed in: libpam-ccreds (Ubuntu)
Status: In Progress = Fix Released
--
not clear how to configure with pam-auth-update
https://bugs.launchpad.net/bugs/294977
You received
** Changed in: libpam-ccreds (Debian)
Status: Confirmed = Fix Released
--
not clear how to configure with pam-auth-update
https://bugs.launchpad.net/bugs/294977
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs
I tested the configuration from the patch in comment #2 on lucid, and it seem
to work just fine.
I'm testing with libpam-ldapd and libnss-ldapd.
--
not clear how to configure with pam-auth-update
https://bugs.launchpad.net/bugs/294977
You received this bug notification because you are a member
** Changed in: libpam-ccreds (Debian)
Status: Unknown = Confirmed
--
not clear how to configure with pam-auth-update
https://bugs.launchpad.net/bugs/294977
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing
** Bug watch added: Debian Bug tracker #566718
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566718
** Also affects: libpam-ccreds (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566718
Importance: Unknown
Status: Unknown
** Changed in: libpam-ccreds (Ubuntu)
I'm quite interested in this too. Any progress/update? An update that
says cannot be done with current implementation would at least set
expectations correctly.
Thanx!
--
not clear how to configure with pam-auth-update
https://bugs.launchpad.net/bugs/294977
You received this bug notification
oops. Got distracted.
I meant to say ...without changing the pam configuration for pam_ldap
which is possibly not a very good solution as it would then affect
everyone.
Brian May
--
not clear how to configure with pam-auth-update
https://bugs.launchpad.net/bugs/294977
You received this bug
I never got a response to my last email to Steve Langasek. I could
always hope that it has been fixed in Jaunty (I haven't updated any of
my systems yet).
I suspect, if there was a solution, then Steve Langasek would have
already asked me to test it.
The problem is that 3 return values from
Just wondering if this is still an issue in jaunty? I've been working
with Hardy LTS for a couple of networks I manage and have been
considering updating a dev net to start testing openldap in Jaunty.
Also, was it ever determined what the correct order should be in the pam
conf files
Hello,
My initial attempt at pseudo-code of the example was incorrect, I missed
the default=done bit.
Next attempt:
pam_unix.so
if (!success) {
pam_ldap.so use_first_pass
if (authinfo_unavail) {
pam_ccreds.so action=validate use_first_pass
} else if (success) {
pam_ccreds.so
FYI I filed bug #340836 on the issue of action=update being a NOP.
Brian May
--
not clear how to configure with pam-auth-update
https://bugs.launchpad.net/bugs/294977
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs
Hmmm. You appear to have missed the action=store, so the cached
credentials will never be saved in the first place. My understanding the
actions should look something like:
pam_ldap.so use_first_pass
if (authinfo_unavail) {
pam_ccreds.so action=validate use_first_pass
pam_ccreds.so
Ok, so I am blind. I double checked and action=store is there.
Unfortunately the resultant /etc/pam.d/common-auth file was not valid,
possibly as a result of the perl warnings. So I can't test it any
further.
Brian May
--
not clear how to configure with pam-auth-update
Somehow pam-auth-update also chmod 600 my /etc/pam.d/common-* config
files! So xscreensaver wouldn't authenticate anymore :-(.
Maybe it doesn't like my umask of 077?
--
not clear how to configure with pam-auth-update
https://bugs.launchpad.net/bugs/294977
You received this bug notification
On Tue, Mar 10, 2009 at 02:11:03AM -, Brian May wrote:
Hmmm. You appear to have missed the action=store, so the cached
credentials will never be saved in the first place.
The ccreds config is split between two separate profiles, needed because the
generated config snippets are concatenated
Just to clarify, do you want these files before or after I install
libpam-ccreds?
I will assume after:
br...@sys11:~$ cat /etc/pam.d/common-auth
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
#
On Tue, Mar 10, 2009 at 03:43:31AM -, Brian May wrote:
Just to clarify, do you want these files before or after I install
libpam-ccreds?
I will assume after:
Yes, after is fine.
br...@sys11:~$ cat /var/lib/pam/auth
Module: unix
[success=end default=ignore] pam_unix.so nullok_secure
Here's a patch to add pam-auth-update integration to libpam-ccreds. I
haven't tested it with pam_ldap because I don't have LDAP authentication
here; further changes to the LDAP pam-auth-update profile may be needed
to get this working as desired (changes that are worth doing for the
general
I am facing the same problem and any guidance would be gratefully
received.
--
not clear how to configure with pam-auth-update
https://bugs.launchpad.net/bugs/294977
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs
24 matches
Mail list logo