- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: PAM ntml/unix/updbe issues
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-07-2003 02:34 AM
тАО02-07-2003 02:34 AM
PAM ntml/unix/updbe issues
I am trying to configure login authentication with the following aim:
All users to be authenticated by NT only, except root (or mmroot) who is to be authenticated by UNIX only.
The authentication of users by NT is woorking with no probs, but I cannot seem to get the exception for root working. The relevant lines from /etc/pam.conf are:
# Authentication management
#
login auth required /usr/lib/security/libpam_updbe.1
login auth required /usr/lib/security/libpam_ntlm.1 debug
The relevant lines from /etc/pam_user.conf are:
root auth /usr/lib/security/libpam_unix.1 debug
mmroot auth /usr/lib/security/libpam_unix.1 debug
The login prompt dies with the following message for root:
Login cannot retrieve the details of the user root, exiting.
Connection closed.
And for mmroot it is just login incorrect:
Password:
Login incorrect
The relevant syslog entries are:
Feb 7 10:11:00 caews90 rlogind[13814]: Login failure (exit(1) from login(1))
Feb 7 05:11:17 caews90 login: pam_ntlm: Incorrect NT password for username : mmroot
Am I missing something obvious here or is this not possible, the man pages suggest it is.
FYI:
mmroot is a NIS account with UID 0. NSS is looking at files then NIS. /etc/passwd has magic cookie at the end. OS is 11.11 patched with latest from CPM in Jan 01.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-07-2003 05:31 AM
тАО02-07-2003 05:31 AM
Re: PAM ntml/unix/updbe issues
The pam_user.conf file is only for specifying different options for modules, not completely different modules.
From the manual:
"Individual users can be assigned different options by listing them in the user control file /etc/pam_user.conf. For a login-name listed here, the options listed here replace any options specified for the module-type/module-path in /etc/pam.conf."
Nice idea though ...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-07-2003 05:34 AM
тАО02-07-2003 05:34 AM
Re: PAM ntml/unix/updbe issues
it seems to be NOT possible.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-07-2003 08:40 AM
тАО02-07-2003 08:40 AM
Re: PAM ntml/unix/updbe issues
My brain is still a little foggy this morning as I have yet to have my Mt. Dew, but I think the problem is that you are using 2 "required"s in the pam.conf file. I think it is passing for root at the UNIX level, but then failing at the NT level since root isn't set-up on NT. If you use required, all modules must be passed. Try changing the first entry to sufficient and see if root then works. (see man pam.conf for more info).
- Chris
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-07-2003 08:56 AM
тАО02-07-2003 08:56 AM
Re: PAM ntml/unix/updbe issues
The problem is I do not what root to be presented to NT and I do not want ordinary users presented to UNIX.
We've decide to go with NT only and use Single User for root (as we have root equiv acounts anyway).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-04-2003 10:04 AM
тАО03-04-2003 10:04 AM
Re: PAM ntml/unix/updbe issues
login auth sufficient /usr/lib/security/libpam_unix.1
login auth required /usr/lib/security/libpam_ntlm.1 try_first_pass
This forces unix passwords to be tried first, if fail then try same password on nt. Therefore root authenticates immediately with the unix password. For other users I create their unix account but I don't tell them the password and they just pass thru to ntlm. The main problem with this is the 8 char usename limit. user.map fixes association but with trusted hpux I can't get longer usernames.