Re: [tanya-jawab] login user dari ssh dengan backend LDAP

[Cecep Mahbub]

Cecep Mahbub wrote:


> log ini juga sudah jelas. error ada di bagian pam_unix. kenapa? karena
> di settingan /etc/pam.d/sshd
> 
> password   required     pam_pwcheck.so nullok
> password   required     pam_ldap.so use_first_pass use_authtok
> password   required     pam_unix.so nullok use_first_pass use_authtok
> 
> anda setting semuanya required. harusnya yang bagian awal anda setting
> sufficient. baca lagi tentang pam yah ...

ralat, bukan bagian awal.

maksud saya, kalau menurut settingan diatas, seharusnya bagian
pam_ldap.so anda set sufficient. jadi user ldap cukup autentikasi lewat
pam_ldap. sedangkan local user, saat mencoba autentikasi lewat pam_ldap
akan gagal, tapi karena settingannya sufficient, dia akan mencoba lagi
ke bagian pam_unix.


http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-4.html

sufficient; the success of this module is deemed `sufficient' to satisfy
the Linux-PAM library that this module-type has succeeded in its
purpose. In the event that no previous required module has failed, no
more `stacked' modules of this type are invoked. (Note, in this case
subsequent required modules are not invoked.). A failure of this module
is not deemed as fatal to satisfying the application that this
module-type has succeeded.



-Cecep-



-- 
Unsubscribe: kirim email kosong ke [EMAIL PROTECTED]
Arsip, FAQ, dan info milis di http://linux.or.id/milis
Tidak bisa posting? Baca:
http://linux.or.id/problemmilis
http://linux.or.id/tatatertibmilis