Bug 20814

Summary: drakauth does not modify /etc/pam.d/system-auth when switching to ldap auth
Product: Mageia
Reporter: Fabrice Boyrie <fboyrie>
Component: RPM Packages
Assignee: Mageia tools maintainers <mageiatools>
Status: NEW ---
QA Contact:
Severity: normal
Priority: Normal
CC: marja11
Version: Cauldron
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: drakxtools-17.82-1.mga6
CVE:
Status comment:

Description Fabrice Boyrie 2017-05-09 15:01:09 CEST
Description of problem:
When I use ldap auth with drakauth, ssh and sudo do not work.


Version-Release number of selected component (if applicable):
future mageia 6, worked with mageia 5

How reproducible: each time


Steps to Reproduce:
1. launch drakauth
2. choose ldap authentication (with certificate for ssl)
3. validate

If I compare between Mageia 5 and 6, the nslcd.conf is correct.

But on Mageia 5, in /etc/pam.d/system-auth:

#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_tcb.so shadow nullok prefix=$2a$ count=8
auth        [authinfo_unavail=ignore user_unknown=ignore success=1 default=2] pam_ldap.so use_first_pass
auth        [default=done] pam_ccreds.so action=validate use_first_pass
auth        [default=done] pam_ccreds.so action=store
auth        [default=bad] pam_ccreds.so action=update
auth        required      pam_deny.so

account     sufficient    pam_tcb.so shadow
account     [authinfo_unavail=ignore default=done] pam_ldap.so use_first_pass
account     required      pam_permit.so

password    required      pam_cracklib.so try_first_pass retry=3 minlen=4  dcredit=0  ucredit=0 
password    sufficient    pam_tcb.so use_authtok shadow write_to=shadow nullok prefix=$2a$ count=8
password    sufficient    pam_ldap.so
password    required      pam_deny.so

session     optional      pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
-session    optional      pam_systemd.so
session     required      pam_tcb.so

On Mageia 6
#%PAM-1.0

auth        required      pam_env.so
auth        sufficient    pam_unix.so try_first_pass likeauth nullok
auth        required      pam_deny.so

account     required      pam_unix.so

password    required      pam_cracklib.so try_first_pass retry=3 minlen=4  dcredit=0  ucredit=0 
password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password    required      pam_deny.so

session     optional      pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
-session    optional      pam_systemd.so
session     required      pam_unix.so
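
Added example, not part of the bug report or of drakxtools: a small check that parses a PAM service file and lists the management groups that never call pam_ldap.so, run here over the auth/account/password lines of the two files quoted above (pam_cracklib.so and session lines trimmed). Treating auth, account and password as the groups that need pam_ldap.so is an assumption taken from the working Mageia 5 file; the names `parse_pam` and `missing_ldap` are hypothetical.

```python
import os
import re

# "type control module [args]"; control is a keyword or a bracketed [value=action] list.
# A leading "-" on the type (as in "-session") is accepted.
PAM_LINE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_pam(text):
    """Return {type: [module, ...]} in stack order, ignoring comments and blanks."""
    stacks = {t: [] for t in ("auth", "account", "password", "session")}
    for raw in text.splitlines():
        m = PAM_LINE.match(raw.split("#", 1)[0].strip())
        if m:
            stacks[m.group(1)].append(os.path.basename(m.group(3)))
    return stacks

def missing_ldap(text, required=("auth", "account", "password")):
    """List the groups in `required` (an assumption, see lead-in) lacking pam_ldap.so."""
    stacks = parse_pam(text)
    return [t for t in required if "pam_ldap.so" not in stacks[t]]

# auth/account/password lines copied from the two files quoted in the report.
MAGEIA5 = """#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_tcb.so shadow nullok prefix=$2a$ count=8
auth        [authinfo_unavail=ignore user_unknown=ignore success=1 default=2] pam_ldap.so use_first_pass
auth        [default=done] pam_ccreds.so action=validate use_first_pass
auth        [default=done] pam_ccreds.so action=store
auth        [default=bad] pam_ccreds.so action=update
auth        required      pam_deny.so
account     sufficient    pam_tcb.so shadow
account     [authinfo_unavail=ignore default=done] pam_ldap.so use_first_pass
account     required      pam_permit.so
password    sufficient    pam_tcb.so use_authtok shadow write_to=shadow nullok prefix=$2a$ count=8
password    sufficient    pam_ldap.so
password    required      pam_deny.so
"""
MAGEIA6 = """#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_unix.so try_first_pass likeauth nullok
auth        required      pam_deny.so
account     required      pam_unix.so
password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password    required      pam_deny.so
"""

if __name__ == "__main__":
    for name, text in (("Mageia 5", MAGEIA5), ("Mageia 6", MAGEIA6)):
        print(name, "missing pam_ldap.so in:", missing_ldap(text) or "none")
```

To check a live system after running drakauth, pass the contents of /etc/pam.d/system-auth to `missing_ldap`; an empty list means every required group references pam_ldap.so.
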
Marja Van Waes 2017-05-09 21:58:19 CEST

CC: (none) => marja11
Assignee: bugsquad => mageiatools
Source RPM: drakxtools-curses-17.82-1.mga6 => drakxtools-17.82-1.mga6
Summary: drakauth do not modify /etc/pam.d/system-auth when switching to ldap auth => drakauth does not modify /etc/pam.d/system-auth when switching to ldap auth

Comment 1 Fabrice Boyrie 2019-11-27 16:56:54 CET
The bug is still here in the latest Mageia 7. I know Mageia is not an enterprise distribution, but if you propose an option in a tool it should work.