Bug 20814 - drakauth does not modify /etc/pam.d/system-auth when switching to ldap auth
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: Cauldron
Hardware: All Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assignee: Mageia tools maintainers
Reported: 2017-05-09 15:01 CEST by Fabrice Boyrie
Modified: 2019-11-27 16:56 CET
Source RPM: drakxtools-17.82-1.mga6

Description Fabrice Boyrie 2017-05-09 15:01:09 CEST
Description of problem:
When I use LDAP auth with drakauth, ssh and sudo do not work.


Version-Release number of selected component (if applicable):
future Mageia 6, worked with Mageia 5

How reproducible: each time


Steps to Reproduce:
1. launch drakauth
2. choose LDAP authentication (with certificate for SSL)
3. validate

If I compare Mageia 5 and 6, the nslcd.conf is correct.

But on Mageia 5, in /etc/pam.d/system-auth:

#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_tcb.so shadow nullok prefix=$2a$ count=8
auth        [authinfo_unavail=ignore user_unknown=ignore success=1 default=2] pam_ldap.so use_first_pass
auth        [default=done] pam_ccreds.so action=validate use_first_pass
auth        [default=done] pam_ccreds.so action=store
auth        [default=bad] pam_ccreds.so action=update
auth        required      pam_deny.so

account     sufficient    pam_tcb.so shadow
account     [authinfo_unavail=ignore default=done] pam_ldap.so use_first_pass
account     required      pam_permit.so

password    required      pam_cracklib.so try_first_pass retry=3 minlen=4  dcredit=0  ucredit=0 
password    sufficient    pam_tcb.so use_authtok shadow write_to=shadow nullok prefix=$2a$ count=8
password    sufficient    pam_ldap.so
password    required      pam_deny.so

session     optional      pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
-session    optional      pam_systemd.so
session     required      pam_tcb.so

On Mageia 6
#%PAM-1.0

auth        required      pam_env.so
auth        sufficient    pam_unix.so try_first_pass likeauth nullok
auth        required      pam_deny.so

account     required      pam_unix.so

password    required      pam_cracklib.so try_first_pass retry=3 minlen=4  dcredit=0  ucredit=0 
password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password    required      pam_deny.so

session     optional      pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
-session    optional      pam_systemd.so
session     required      pam_unix.so
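
Added example (not part of the original report and not drakxtools code): a small Python check that parses a system-auth file, including the bracketed control syntax and the leading "-" form, and reports which stacks never call pam_ldap.so. The two inputs are excerpts of the Mageia 5 and Mageia 6 files quoted above; the function names and the choice to check only the auth and account stacks are assumptions.

```python
import re

# One PAM rule: [-]type control module [args]. The control field is either a
# keyword (required, sufficient, ...) or a bracketed [value=action ...] list.
RULE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Return (type, control, module, args) tuples, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if m:
            rules.append(m.groups())
    return rules

def stacks_missing(text, module="pam_ldap.so", stacks=("auth", "account")):
    """List the stacks (assumed here: auth and account) that never call `module`."""
    seen = {t for t, _c, mod, _a in parse_pam(text) if mod.rsplit("/", 1)[-1] == module}
    return [s for s in stacks if s not in seen]

# Excerpts of the two files quoted in the report (auth/account rules plus one "-" rule).
MGA5 = """\
#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_tcb.so shadow nullok prefix=$2a$ count=8
auth        [authinfo_unavail=ignore user_unknown=ignore success=1 default=2] pam_ldap.so use_first_pass
auth        required      pam_deny.so
account     sufficient    pam_tcb.so shadow
account     [authinfo_unavail=ignore default=done] pam_ldap.so use_first_pass
account     required      pam_permit.so
-session    optional      pam_systemd.so
"""

MGA6 = """\
#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_unix.so try_first_pass likeauth nullok
auth        required      pam_deny.so
account     required      pam_unix.so
-session    optional      pam_systemd.so
"""

if __name__ == "__main__":
    for name, text in (("Mageia 5", MGA5), ("Mageia 6", MGA6)):
        print(name, "stacks without pam_ldap.so:", stacks_missing(text))
```

To run the same check on a live system, pass the contents of /etc/pam.d/system-auth to stacks_missing() after drakauth has been run.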

Marja Van Waes 2017-05-09 21:58:19 CEST

CC: (none) => marja11
Assignee: bugsquad => mageiatools
Source RPM: drakxtools-curses-17.82-1.mga6 => drakxtools-17.82-1.mga6
Summary: drakauth do not modify /etcpam.d/system-auth when switching to ldap auth => drakauth does not modify /etcpam.d/system-auth when switching to ldap auth

Comment 1 Fabrice Boyrie 2019-11-27 16:56:54 CET
The bug is still here in the latest Mageia 7. I know Mageia is not an enterprise distribution, but if you propose an option in a tool it should work.
