[H-GEN] [SAGE-AU] LDAP under Solaris
Robert Brockway
robert at timetraveller.org
Thu Mar 15 23:09:58 EST 2001
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Please observe the list's charter. ]
[ Worthwhile understanding: http://www.humbug.org.au/netiquette.html ]
Hi all. After going to Brad's excellent talk on LDAP we're going to use
it for user authentication in the office. We're using OpenLDAP on both
the Linux boxen and the Solaris 7/8 boxen (the uniformity). OpenLDAP 2.0.7
had problems with the pam libs for me (!!!). As Solaris' native ldap
only used v3 we really need to use OpenLDAP on both unix platforms.

We have a heterogeneous environment consisting of Solaris, Linux and Win2K
workstations and Solaris and Win2K servers.

I intend to set up one of the Solaris servers as the LDAP master. I'm
actually not too worried about a secondary right now so we can ignore
slurpd.

Things are going quite well. I have my Linux workstation acting as an LDAP
master for itself. The Linux box can authenticate users exclusively
using LDAP - so it is working perfectly.

I've got LDAP up on a test Solaris machine (I can browse the database,
etc.). I am having a little trouble with the /etc/pam.conf file.

So my question is simple. Has anyone done OpenLDAP under Solaris 7/8 and
has a working pam.conf they wouldn't mind throwing my way? Kindest
regards to anyone who can let a few crumbs of knowledge fall from their
table.

Here is my attempt at the pam.conf file:
#
# PAM configuration
#
# Authentication management
#
login auth sufficient /lib/security/pam_ldap.so.1
login auth required /usr/lib/security/$ISA/pam_unix.so.1
login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
#
rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
#
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other auth sufficient /lib/security/pam_ldap.so.1
other auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Account management
#
login account sufficient /lib/security/pam_ldap.so.1
login account requisite /usr/lib/security/$ISA/pam_roles.so.1
login account required /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
#
other account sufficient /lib/security/pam_ldap.so.1
other account requisite /usr/lib/security/$ISA/pam_roles.so.1
other account required /usr/lib/security/$ISA/pam_unix.so.1
#
# Session management
#
other session sufficient /lib/security/pam_ldap.so.1
other session required /usr/lib/security/$ISA/pam_unix.so.1
#
# Password management
#
other password sufficient /lib/security/pam_ldap.so.1
other password required /usr/lib/security/$ISA/pam_unix.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
Cheers,
Rob
--Robert Brockway B.Sc. Email: robert at timetraveller.org
ICQ: 104781119
WWW: www.timetraveller.org
"The earth is but one country and mankind its citizens" -Baha'u'llah
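
Added example (not part of the original post, and not code from OpenLDAP or pam_ldap): a small Python parser that resolves which PAM stack each service ends up with in a pam.conf like the one above, including the fallback to `other`, and lists the modules that do not run once a `sufficient` module succeeds. The sample input is a constructed subset of the posted entries, and `telnet` is only a stand-in for a service with no lines of its own.

```python
"""Added example: resolve effective PAM stacks from pam.conf-style text."""

# Constructed sample: a subset of the posted entries (auth and account only).
SAMPLE = """\
login   auth    sufficient /lib/security/pam_ldap.so.1
login   auth    required   /usr/lib/security/$ISA/pam_unix.so.1
dtlogin auth    required   /usr/lib/security/$ISA/pam_unix.so.1
other   auth    sufficient /lib/security/pam_ldap.so.1
other   auth    required   /usr/lib/security/$ISA/pam_unix.so.1
login   account sufficient /lib/security/pam_ldap.so.1
login   account requisite  /usr/lib/security/$ISA/pam_roles.so.1
login   account required   /usr/lib/security/$ISA/pam_unix.so.1
"""

def parse(text):
    """Return {(service, type): [(control, module_path), ...]} in file order."""
    stacks = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        service, mtype, control, path = line.split()[:4]
        stacks.setdefault((service, mtype), []).append((control, path))
    return stacks

def effective(stacks, service, mtype):
    """A service with no entry of its own for a module type falls back to 'other'."""
    return stacks.get((service, mtype)) or stacks.get(("other", mtype), [])

def skipped_on_success(stack):
    """Modules that never run when the first 'sufficient' module succeeds
    (assuming no earlier 'required' module has already failed)."""
    for i, (control, _) in enumerate(stack):
        if control == "sufficient":
            return [path for _, path in stack[i + 1:]]
    return []

def uses(stack, name):
    """True if any module path in the stack contains the given name."""
    return any(name in path for _, path in stack)

if __name__ == "__main__":
    stacks = parse(SAMPLE)
    for svc in ("login", "dtlogin", "telnet"):   # telnet: no lines of its own
        st = effective(stacks, svc, "auth")
        print(svc, "auth ldap:", uses(st, "pam_ldap"),
              "skipped after sufficient:", skipped_on_success(st))
```

On the sample, `dtlogin` never reaches pam_ldap because it has its own `auth` line, while `telnet` inherits the `other` stack; for `login account`, a pam_ldap success returns before pam_roles and pam_unix are consulted.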