Tags

Solaris 10


pam_ldap with local accounts


Hello,

I would like to provide some users the ability to log in to their Solaris account using an LDAP credential. Naming services would not be in LDAP. In other words, this could be considered a hybrid of local accounts, files/dns naming services, but adding pam_ldap at the bottom of the authentication stack.

Everything has tested out fine, and there is a sample pam.conf file in the naming service documentation from Sun:

    login   auth    requisite       pam_authtok_get.so.1
    login   auth    required        pam_dhkeys.so.1
    login   auth    required        pam_dial_auth.so.1
    login   auth    required        pam_unix_cred.so.1
    login   auth    sufficient      pam_unix_auth.so.1
    login   auth    required        pam_ldap.so.1
    ...
    other   auth    requisite       pam_authtok_get.so.1
    other   auth    required        pam_dhkeys.so.1
    other   auth    required        pam_unix_cred.so.1
    other   auth    sufficient      pam_unix_auth.so.1
    other   auth    required        pam_ldap.so.1

In testing, however, what I have found is that accounts locked (passwd -l foousr resulting in LK in /etc/shadow) work as expected. Login is denied. No password accounts (passwd -N foousr resulting in NP in /etc/shadow) do not work as I thought they would. They are still allowed to log in if they supply the correct LDAP credential.

Many thanks for any feedback.
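An audit check for the situation described above, as an added example that is not part of the original post: it lists accounts marked NP in a shadow file together with the services whose auth stack continues from a `sufficient` pam_unix_auth to pam_ldap, the combination the post reports as still permitting login. The function names, the `ppp` line, the shadow entries and `barusr` are assumptions made for the example.

```python
# Added example. PAM lines are the stacks quoted in the post; the ppp line, the
# shadow entries and the user names are constructed sample data.
PAM_CONF = """\
login auth requisite  pam_authtok_get.so.1
login auth required   pam_dhkeys.so.1
login auth required   pam_dial_auth.so.1
login auth required   pam_unix_cred.so.1
login auth sufficient pam_unix_auth.so.1
login auth required   pam_ldap.so.1
other auth requisite  pam_authtok_get.so.1
other auth required   pam_dhkeys.so.1
other auth required   pam_unix_cred.so.1
other auth sufficient pam_unix_auth.so.1
other auth required   pam_ldap.so.1
ppp   auth required   pam_unix_auth.so.1
"""
SHADOW = "root:xxHASHxx:14000::::::\nfoousr:NP:14000::::::\nbarusr:*LK*:14000::::::\n"

def auth_stacks(pam_conf):
    """Map service -> ordered [(control_flag, module)] for auth entries."""
    stacks = {}
    for line in pam_conf.splitlines():
        f = line.split("#", 1)[0].split()          # drop comments, split fields
        if len(f) >= 4 and f[1] == "auth":
            stacks.setdefault(f[0], []).append((f[2], f[3].rsplit("/", 1)[-1]))
    return stacks

def ldap_fallthrough_services(stacks):
    """Services where pam_ldap follows a 'sufficient' pam_unix_auth."""
    hits = []
    for service, stack in stacks.items():
        unix = [i for i, e in enumerate(stack) if e == ("sufficient", "pam_unix_auth.so.1")]
        ldap = [i for i, e in enumerate(stack) if e[1] == "pam_ldap.so.1"]
        if unix and ldap and max(ldap) > min(unix):
            hits.append(service)
    return sorted(hits)

def shadow_states(shadow):
    """Map user -> 'NP', 'LK' or 'PS' (anything else) from the password field."""
    states = {}
    for line in shadow.splitlines():
        user, _, rest = line.partition(":")
        pw = rest.split(":", 1)[0]
        if user:
            states[user] = "NP" if pw == "NP" else "LK" if pw.startswith("*LK*") else "PS"
    return states

def np_accounts_with_ldap_path(pam_conf, shadow):
    """NP accounts mapped to the services whose stack reaches pam_ldap."""
    services = ldap_fallthrough_services(auth_stacks(pam_conf))
    return {u: services for u, s in shadow_states(shadow).items() if s == "NP" and services}
```

Run it against copies of /etc/pam.conf and /etc/shadow by passing their contents to `np_accounts_with_ldap_path`; an empty result means no NP account coincides with such a stack.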

