[colug-432] chkpam

Travis Sidelinger travissidelinger at gmail.com
Thu Sep 8 13:00:16 EDT 2011 

Yes, I suggest using Redhat's authconfig to configure PAM+LDAP.

It will update your /etc/ldap.conf, /etc/nsswitch.conf, and /etc/pam.d/*
files.

The /etc/nsswitch.conf files the "switch" you are looking for.

Also, I see Brian posted to the Colug list a reply.  Brian is a great ldap
resource too.

pamchk??  Oh wow, that's old stuff.  I'd have to take a look again.  All
that stuff needs cleaned up....  I'll have to take a look.  Hum... pamchk
seems find here (Linux raistlin 2.6.40.3-0.fc15.x86_64 #1 SMP Tue Aug 16
04:10:59 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux).  Did you build it with
the Makefile?  See Makefile here...

################################################
# Makefile for: chkpam
# Programmer: Travis Sidelinger
# Date: 2005May14

## Variables ##
CC = gcc
CFLAGS =  -DUSE_PAM -g -Wall
LDFLAGS = -ldl -lpam -lpam_misc

## Main ##

all: chkpam

chkpam: chkpam.o
        $(CC) -o chkpam chkpam.o $(LDFLAGS)

chkpam.o: chkpam.c
        $(CC) -c chkpam.c $(CFLAGS)

clean:
        rm -f chkpam.o chkpam core.*
################################################




On Wed, Sep 7, 2011 at 8:07 PM, Matthew Gardlik, Ph.D. <matt at mattgardlik.com
> wrote:

> Hi Travis,
>
> I had a few more questions for you if you don't mind.  I ran across a
> webpage that suggested running "authconfig -test" to see how PAM is
> configured.  The relevant portion of the output is shown below:
>
> [root at MMG_GUEST_001 pam]# authconfig --test
> . . .
> pam_ldap is disabled
>
>  LDAP+TLS is disabled
>  LDAP server = "ldap://127.0.0.1/"
>  LDAP base DN = "dc=root"
> . . .
>
> I'm running a virtual instance of CentOS 5.6.  Do I need to flip a switch
> somewhere to enable ldap? Or, how does authconfig determine which methods
> are enabled?  I thought I had configured /etc/ldap.conf, but maybe I need to
> enable ldap somewhere else before the config file is looked at?
>
> I noticed a program you wrote called chkpam when looking at your website.
>  I thought it might be useful to me as I played with PAM and LDAP.  I ran
> into a few problems though.
>
> When compiling, I got the following errors:
>
> [root at MMG_GUEST_001 pam]# g++ -c main-old.cpp
> main-old.cpp: In function ‘int main(int, char**)’:
> main-old.cpp:68: error: invalid conversion from ‘void*’ to ‘char*’
> main-old.cpp:74: error: invalid conversion from ‘void*’ to ‘char*’
>
> So, I cast the return values from malloc as char*:
>
> [root at MMG_GUEST_001 pam]# diff main-old.cpp main.cpp
> 68c68
> <                 username = malloc(sizeof(optarg));
> ---
> >                 username = (char*) malloc(sizeof(optarg));
> 74c74
> <                 pam_service = malloc(sizeof(optarg));
> ---
> >                 pam_service = (char*) malloc(sizeof(optarg));
>
>
> It then compiled.  However, when I tried to link to libpam, I get:
>
> [root at MMG_GUEST_001 pam]# g++ -o main main.o -lpam
> main.o:(.data+0x0): undefined reference to `misc_conv'
> collect2: ld returned 1 exit status
>
> Am I linking incorrectly?  It looks like misc_conv is a structure defined
> in the pam headers.  I'm not quite sure what I'm doing wrong here.
>
>
> --
> Matthew M. Gardlik, Ph.D.
> Registered Patent Agent, Reg. No. 67,089
> 614-607-0710
> matt at mattgardlik.com
> http://www.mattgardlik.com/
>



-- 
"A careful reading of history clearly demonstrates ...
that people don't read history carefully.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20110908/c6f655ed/attachment.html

More information about the colug-432 mailing list