Yes, I suggest using Red Hat's authconfig to configure PAM+LDAP.<br><br>It will update your /etc/ldap.conf, /etc/nsswitch.conf, and /etc/pam.d/* files.<br><br>The /etc/nsswitch.conf file is the "switch" you are looking for.<br>
<br>Also, I see Brian posted to the Colug list a reply. Brian is a great ldap resource too.<br><br>pamchk?? Oh wow, that's old stuff. I'd have to take a look again. All that stuff needs cleaned up.... I'll have to take a look. Hum... pamchk seems fine here (Linux raistlin 2.6.40.3-0.fc15.x86_64 #1 SMP Tue Aug 16 04:10:59 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux). Did you build it with the Makefile? See Makefile here...<br>
<br>################################################<br># Makefile for: chkpam<br># Programmer: Travis Sidelinger<br># Date: 2005May14<br><br>## Variables ##<br>CC = gcc<br>CFLAGS = -DUSE_PAM -g -Wall <br>LDFLAGS = -ldl -lpam -lpam_misc<br>
<br>## Main ##<br><br>all: chkpam<br><br>chkpam: chkpam.o <br> $(CC) -o chkpam chkpam.o $(LDFLAGS)<br><br>chkpam.o: chkpam.c<br> $(CC) -c chkpam.c $(CFLAGS)<br><br>clean:<br> rm -f chkpam.o chkpam core.*<br>
################################################<br><br><br><br><br><div class="gmail_quote">On Wed, Sep 7, 2011 at 8:07 PM, Matthew Gardlik, Ph.D. <span dir="ltr">&lt;<a href="mailto:matt@mattgardlik.com">matt@mattgardlik.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hi Travis,<br>
<br>
I had a few more questions for you if you don't mind. I ran across a webpage that suggested running "authconfig -test" to see how PAM is configured. The relevant portion of the output is shown below:<br>
<br>
[root@MMG_GUEST_001 pam]# authconfig --test<br>
. . .<br>
pam_ldap is disabled<br>
<br>
LDAP+TLS is disabled<br>
LDAP server = "ldap://127.0.0.1/"<br>
LDAP base DN = "dc=root"<br>
. . .<br>
<br>
I'm running a virtual instance of CentOS 5.6. Do I need to flip a switch somewhere to enable ldap? Or, how does authconfig determine which methods are enabled? I thought I had configured /etc/ldap.conf, but maybe I need to enable ldap somewhere else before the config file is looked at?<br>
<br>
I noticed a program you wrote called chkpam when looking at your website. I thought it might be useful to me as I played with PAM and LDAP. I ran into a few problems though.<br>
<br>
When compiling, I got the following errors:<br>
<br>
[root@MMG_GUEST_001 pam]# g++ -c main-old.cpp<br>
main-old.cpp: In function ‘int main(int, char**)’:<br>
main-old.cpp:68: error: invalid conversion from ‘void*’ to ‘char*’<br>
main-old.cpp:74: error: invalid conversion from ‘void*’ to ‘char*’<br>
<br>
So, I cast the return values from malloc as char*:<br>
<br>
[root@MMG_GUEST_001 pam]# diff main-old.cpp main.cpp<br>
68c68<br>
< username = malloc(sizeof(optarg));<br>
---<br>
> username = (char*) malloc(sizeof(optarg));<br>
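<br>
Review bot: On line 68, sizeof(optarg) is the size of the char* pointer (typically 4 or 8 bytes), not the length of the argument string, so the cast makes this compile but the buffer is still sized wrong. If the username is then copied into it, anything longer than the pointer size overruns the allocation; size it with strlen(optarg) + 1, or use strdup(optarg), and check the result for NULL.<br>
<br>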
74c74<br>
< pam_service = malloc(sizeof(optarg));<br>
---<br>
> pam_service = (char*) malloc(sizeof(optarg));<br>
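<br>
Review bot: Line 74 has the same sizing problem for pam_service as line 68 has for username. Separately, the (char*) cast on both lines is only needed because the file is being compiled as C++ with g++; the Makefile in the reply above builds chkpam.c with gcc, where the void* returned by malloc converts implicitly and no cast is required.<br>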
<br>
<br>
It then compiled. However, when I tried to link to libpam, I get:<br>
<br>
[root@MMG_GUEST_001 pam]# g++ -o main main.o -lpam<br>
main.o:(.data+0x0): undefined reference to `misc_conv'<br>
collect2: ld returned 1 exit status<br>
<br>
Am I linking incorrectly? It looks like misc_conv is a structure defined in the pam headers. I'm not quite sure what I'm doing wrong here.<br><font color="#888888">
<br>
<br>
-- <br>
Matthew M. Gardlik, Ph.D.<br>
Registered Patent Agent, Reg. No. 67,089<br>
<a href="tel:614-607-0710" value="+16146070710" target="_blank">614-607-0710</a><br>
<a href="mailto:matt@mattgardlik.com" target="_blank">matt@mattgardlik.com</a><br>
<a href="http://www.mattgardlik.com/" target="_blank">http://www.mattgardlik.com/</a><br>
</font></blockquote></div><br><br clear="all"><br>-- <br>"A careful reading of history clearly demonstrates ...<br>that people don't read history carefully."<br><br>
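
The two places the reply above points to, /etc/nsswitch.conf and the /etc/pam.d/* stack, can be checked directly for LDAP. This is an added example, not part of the original messages and not authconfig's own logic; the helper names, the system-auth file name and the sample file contents are assumptions constructed for illustration.

```shell
# Added example. Sample file contents are constructed, not from the thread.
# nss_has_ldap FILE DB: succeeds if database DB (passwd, shadow, group)
# lists "ldap" as a source in an nsswitch.conf-style FILE.
nss_has_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                      # strip comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# pam_has_ldap FILE TYPE: succeeds if a non-comment line of module type
# TYPE (auth, account, password, session) loads pam_ldap.so.
pam_has_ldap() {
    awk -v type="$2" '
        { sub(/#.*/, "") }
        $1 == type && /pam_ldap\.so/ { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# write_samples DIR: constructed nsswitch.conf and PAM stack in which LDAP
# is enabled for passwd and for auth only, to show a partial configuration.
write_samples() {
    cat > "$1/nsswitch.conf" <<'EOF'
passwd:  files ldap
shadow:  files
group:   files   # ldap not enabled here
EOF
    cat > "$1/system-auth" <<'EOF'
auth      sufficient  pam_unix.so nullok try_first_pass
auth      sufficient  pam_ldap.so use_first_pass
#account  [default=bad success=ok user_unknown=ignore] pam_ldap.so
account   required    pam_unix.so
EOF
}

# ldap_report NSSFILE PAMFILE: prints one line per check.
ldap_report() {
    for db in passwd shadow group; do
        nss_has_ldap "$1" "$db" && echo "nss $db: ldap" || echo "nss $db: no ldap"
    done
    for type in auth account password session; do
        pam_has_ldap "$2" "$type" && echo "pam $type: pam_ldap" || echo "pam $type: no pam_ldap"
    done
}

dir=$(mktemp -d) && write_samples "$dir"
ldap_report "$dir/nsswitch.conf" "$dir/system-auth"; rm -rf "$dir"
```

On a real host, pass the actual /etc/nsswitch.conf and the PAM service file in use instead of the constructed samples.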