
LDAP-UX and trusted systems - logins create tcb entries

 
support_5
Super Advisor


Hi all,

I have implemented LDAP-UX on a test server, and created an LDAP server using RedHat Directory Server 7. All users can authenticate and log in to the Unix box via LDAP. I also have trusted systems turned on.

However, when a user who is only listed in LDAP logs in, an entry for that user is spontaneously created in the /tcb subdirectories, thus leaving orphaned entries in that directory with no corresponding entry in /etc/passwd. authck -p complains about it. I'm sure that LDAP logins shouldn't create entries in the tcb database, but it seems to.

Attached is my /etc/pam.conf file; perhaps something is wrong in there? I have played around but do not know what is going on.

Any help would be much appreciated.

Thank you

- Andrew Gray
Steven E. Protter
Exalted Contributor
Solution

Re: LDAP-UX and trusted systems - logins create tcb entries

Shalom Andrew,

"Thus leaving orphaned entries in that directory with no corresponding entry in /etc/passwd. authck -p complains about it. I'm sure that LDAP logins shouldn't create entries in the tcb database, but it seems to."

If the users are able to log in, then this is the correct functioning.

For a user to log into a trusted system, entries are needed in /tcb.

The entries are not orphaned; LDAP creates what it needs.

If the users do work, this shows that LDAP does not need /etc/passwd entries for LDAP users. It makes sense.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
support_5
Super Advisor

Re: LDAP-UX and trusted systems - logins create tcb entries

Hi,

So you're saying that I should ignore authck messages about this?

Now that you mention it, I do recall reading in the LDAP-UX admin guide that under HP-UX 11.00 it will create tcb entries for users. But it says that is only for HP-UX 11.00, not 11.23 which I'm running. So why is my HP-UX 11.23 server exhibiting behaviour that only an HP-UX 11.00 box would exhibit?

Seems strange to me, but I can see your point too.

Ideas?

Ta

- Andy
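
An added example, not part of the original thread: one way to tell the tcb entries that belong to LDAP users apart from entries that resolve nowhere, which are the ones worth investigating. It assumes per-user files live under /tcb/files/auth/<first letter>/<login> and that directory users can be resolved with a lookup command such as HP-UX's `pwget -n`; the function names and the three environment variables are hypothetical.

```shell
#!/bin/sh
# Classify trusted-system (tcb) entries as local, directory-backed or orphaned.
# Assumptions (not from the thread): the per-user file layout below, and that
# "pwget -n <login>" succeeds for any user known to the name service (LDAP).

TCB_AUTH_DIR=${TCB_AUTH_DIR:-/tcb/files/auth}
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
LOOKUP_CMD=${LOOKUP_CMD:-pwget -n}

in_local_passwd() {
    # Exact match on the login field, so "bob" does not match "bobby".
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$PASSWD_FILE"
}

in_name_service() {
    # LOOKUP_CMD is left unquoted on purpose: it is a command plus options.
    $LOOKUP_CMD "$1" >/dev/null 2>&1
}

classify_tcb_entries() {
    # "?" matches only the single-letter subdirectories, so multi-character
    # directories such as "system" are not treated as user entries.
    for f in "$TCB_AUTH_DIR"/?/*; do
        [ -f "$f" ] || continue
        user=${f##*/}
        if in_local_passwd "$user"; then
            echo "local $user"
        elif in_name_service "$user"; then
            echo "directory $user"
        else
            echo "orphan $user"     # no local or directory account behind it
        fi
    done
}

classify_tcb_entries
```

Lines reported as `orphan` have a tcb entry with no account in /etc/passwd or the directory; lines reported as `directory` are the LDAP-only users discussed in this thread.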