
Problems with LDAP-UX and Trusted HP-UX 11i

 
Eric Duggan_1

I have an HP-UX 11.23 server set up as an LDAP-UX (version B.04.10) client to a Sun Java Directory Server (version 6.1).
I copied across /etc/pam.ldap.trusted to /etc/pam.conf and also made some modifications to Account management as I am using pam_authz. Everything is working fine.

I have tried to set up a couple of HP-UX 11i servers as LDAP-UX clients (version B.04.10) against the same Directory. Again I copied across /etc/pam.ldap.trusted to /etc/pam.conf and made the pam_authz modifications.

I am able to log in OK using an LDAP account. I did some testing to make sure everything was OK, but I have the following problems.

If I enter the wrong password I get prompted for the System Password and then it prompts for the password again. I guess this is due to:
OTHER password required libpam_unix.so.1 try_first_pass debug

I have this in my /etc/pam.conf on the 11.23 server and don't get the System Password prompt after an incorrect password.

Anyway, I experimented with locking the LDAP account. My account login did not work, which is what I expected. I then unlocked the account on the Directory Server but could not log into the 11i server as it thought my account was disabled. I had to delete the entry under /tcb/files/auth/ to be able to log in again. It appears the Trusted system was overriding the policy from the Directory Server.

I have attached the pam.conf for the 11i and 11.23 systems.