Hello,
I have done some work in this area. I built 2 test labs, one at home and one at work. The example below is from my home test lab. I was able to authenticate a Solaris client, without TLS, to a RHEL OpenLDAP server.
Your PAM file looks odd. This is my PAM file from a Solaris client.
Code:
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth sufficient pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
login auth required pam_ldap.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth sufficient pam_unix_auth.so.1
rlogin auth required pam_ldap.so.1
#
# Kerberized rlogin service
#
krlogin auth required pam_unix_cred.so.1
krlogin auth required pam_krb5.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
#
# Kerberized rsh service
#
krsh auth required pam_unix_cred.so.1
krsh auth required pam_krb5.so.1
#
# Kerberized telnet service
#
ktelnet auth required pam_unix_cred.so.1
ktelnet auth required pam_krb5.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_unix_cred.so.1
ppp auth sufficient pam_unix_auth.so.1
ppp auth required pam_dial_auth.so.1
ppp auth required pam_ldap.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth sufficient pam_unix_auth.so.1
other auth required pam_dial_auth.so.1
other auth required pam_ldap.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd auth sufficient pam_passwd_auth.so.1
passwd auth required pam_ldap.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron account required pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account sufficient pam_ldap.so.1
other account requisite pam_roles.so.1
other account required pam_unix_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other session required pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
#
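To see how the `auth` stacks in the file above resolve for a local account versus an LDAP-only account, here is an added example (not part of the original post). It parses pam.conf-style lines and applies simplified control-flag rules in which every module simply succeeds or fails. The embedded excerpt is copied from the post's `login` and `other` stacks, and `ftp` in the test is only a stand-in for a service with no entries of its own.

```python
# Added example: simplified evaluation of a Solaris pam.conf auth stack.
PAM_CONF = """\
# excerpt of the login and other auth stacks from the post above
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth sufficient pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
login auth required pam_ldap.so.1
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth sufficient pam_unix_auth.so.1
other auth required pam_dial_auth.so.1
other auth required pam_ldap.so.1
"""

def parse(text):
    """Return {(service, module_type): [(control_flag, module), ...]} in file order."""
    stacks = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        service, mtype, flag, module = line.split()[:4]
        stacks.setdefault((service, mtype), []).append((flag, module))
    return stacks

def stack_for(stacks, service, mtype="auth"):
    """A service with no entries of its own falls back to the 'other' stack."""
    return stacks.get((service, mtype)) or stacks.get(("other", mtype), [])

def evaluate(stack, failing):
    """Modules named in `failing` fail, all others succeed.
    Returns (granted, modules_run)."""
    required_failed, ran = False, []
    for flag, module in stack:
        ran.append(module)
        ok = module not in failing
        if ok and flag in ("sufficient", "binding") and not required_failed:
            return True, ran            # success here ends the stack early
        if not ok and flag == "requisite":
            return False, ran           # requisite failure ends the stack at once
        if not ok and flag in ("required", "binding"):
            required_failed = True      # keep going, but the result is failure
    return (not required_failed and bool(ran)), ran
```

With this stack a local account is accepted at `pam_unix_auth.so.1` and `pam_ldap.so.1` is never consulted, while an LDAP-only account runs the whole stack and is decided by `pam_ldap.so.1`.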
Hi,
I have a lab with routers, switches, etc., and I want internet users to authenticate from my Solaris server to another AAA server, and then they are able to access any router or switch.
Guide me where to start.
Thanks,
Mazhar (2 Replies)
Greetings!
I just managed to install Solaris 10 on a SPARC-based machine. However, there might be a problem with the way ssh is configured.
I CAN ssh from the machine into another on the network (same subnet, as root), but then the newly installed machine CANNOT seem to accept incoming ssh... (2 Replies)
Hi there,
I am looking for a detailed step-by-step how-to for configuring ldapclient on Solaris 10.
I used ldapclient manual, and edited nsswitch.conf and pam.conf, but it is not working.
Thank you (2 Replies)
Hi all,
My code for configuring ldapclient is as follows:
ldapclient manual \
-a credentialLevel=proxy \
-a authenticationMethod=simple \
-a proxyDN=cn=proxyagent,cn=user1,dc=sema,dc=com \
-a proxyPassword=user1 \
-a defaultSearchBase=dc=sema,dc=com \
-a domainName=sema.com \
-a... (10 Replies)
This is a zone running Solaris 10u8 on a 6320 blade. The global zone is also running 10u8.
One of my users is attempting to change his password and getting the following screen:
$ ssh remotesys
Password:
Warning: Your password has expired, please change it now.
New Password:
Re-enter new... (1 Reply)
Hey Guys,
How can I make the Solaris native ldapclient trust a CA? I am trying to use a self-signed cert and it is not working. When I use ssltap to monitor the SSL traffic it shows this for the last client communication:
0: 15 03 01 00 02 02 30 | ......0
(7... (1 Reply)
Hello,
We have one Solaris 10 machine which has three LDAP servers configured. We want to remove one of them. I tried the ldapclient command below; however, no change is made.
----------------------------------------------------------------------
ldapclient mod -a "defaultServerList=10.149.9.20... (0 Replies)
Hi,
I am looking for a shell/perl script which can be used to get authenticated on a relay server by a domain user account and password and send emails. Basically in our organisation system level authentication is blocked and we need to get authenticated via user level authentication on smtp... (1 Reply)
Dears,
Is there any way to secure FTP communication using transport layer security authentication /auth tls/? My background is Solaris 10, wuftp. Scanned Solaris hosts in our network and found some insecure communications. Read all documents from oracle.com. But cannot find anything about... (1 Reply)