[colug-432] chkpam
Travis Sidelinger
travissidelinger at gmail.com
Thu Sep 8 13:00:16 EDT 2011
Yes, I suggest using Redhat's authconfig to configure PAM+LDAP.
It will update your /etc/ldap.conf, /etc/nsswitch.conf, and /etc/pam.d/*
files.
The /etc/nsswitch.conf files the "switch" you are looking for.
Also, I see Brian posted to the Colug list a reply. Brian is a great ldap
resource too.
pamchk?? Oh wow, that's old stuff. I'd have to take a look again. All
that stuff needs cleaned up.... I'll have to take a look. Hum... pamchk
seems find here (Linux raistlin 2.6.40.3-0.fc15.x86_64 #1 SMP Tue Aug 16
04:10:59 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux). Did you build it with
the Makefile? See Makefile here...
################################################
# Makefile for: chkpam
# Programmer: Travis Sidelinger
# Date: 2005May14
## Variables ##
CC = gcc
CFLAGS = -DUSE_PAM -g -Wall
LDFLAGS = -ldl -lpam -lpam_misc
## Main ##
all: chkpam
chkpam: chkpam.o
$(CC) -o chkpam chkpam.o $(LDFLAGS)
chkpam.o: chkpam.c
$(CC) -c chkpam.c $(CFLAGS)
clean:
rm -f chkpam.o chkpam core.*
################################################
On Wed, Sep 7, 2011 at 8:07 PM, Matthew Gardlik, Ph.D. <matt at mattgardlik.com
> wrote:
> Hi Travis,
>
> I had a few more questions for you if you don't mind. I ran across a
> webpage that suggested running "authconfig -test" to see how PAM is
> configured. The relevant portion of the output is shown below:
>
> [root at MMG_GUEST_001 pam]# authconfig --test
> . . .
> pam_ldap is disabled
>
> LDAP+TLS is disabled
> LDAP server = "ldap://127.0.0.1/"
> LDAP base DN = "dc=root"
> . . .
>
> I'm running a virtual instance of CentOS 5.6. Do I need to flip a switch
> somewhere to enable ldap? Or, how does authconfig determine which methods
> are enabled? I thought I had configured /etc/ldap.conf, but maybe I need to
> enable ldap somewhere else before the config file is looked at?
>
> I noticed a program you wrote called chkpam when looking at your website.
> I thought it might be useful to me as I played with PAM and LDAP. I ran
> into a few problems though.
>
> When compiling, I got the following errors:
>
> [root at MMG_GUEST_001 pam]# g++ -c main-old.cpp
> main-old.cpp: In function ‘int main(int, char**)’:
> main-old.cpp:68: error: invalid conversion from ‘void*’ to ‘char*’
> main-old.cpp:74: error: invalid conversion from ‘void*’ to ‘char*’
>
> So, I cast the return values from malloc as char*:
>
> [root at MMG_GUEST_001 pam]# diff main-old.cpp main.cpp
> 68c68
> < username = malloc(sizeof(optarg));
> ---
> > username = (char*) malloc(sizeof(optarg));
> 74c74
> < pam_service = malloc(sizeof(optarg));
> ---
> > pam_service = (char*) malloc(sizeof(optarg));
>
>
> It then compiled. However, when I tried to link to libpam, I get:
>
> [root at MMG_GUEST_001 pam]# g++ -o main main.o -lpam
> main.o:(.data+0x0): undefined reference to `misc_conv'
> collect2: ld returned 1 exit status
>
> Am I linking incorrectly? It looks like misc_conv is a structure defined
> in the pam headers. I'm not quite sure what I'm doing wrong here.
>
>
> --
> Matthew M. Gardlik, Ph.D.
> Registered Patent Agent, Reg. No. 67,089
> 614-607-0710
> matt at mattgardlik.com
> http://www.mattgardlik.com/
>
--
"A careful reading of history clearly demonstrates ...
that people don't read history carefully.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20110908/c6f655ed/attachment.html
More information about the colug-432
mailing list