我已使用 SSSD 设置了 LDAP 身份验证,并且可以通过控制台和 ssh 顺利登录。但是,当我尝试通过 KDM 登录时,它只是显示身份验证失败...更具体地说:
Jan 9 10:29:11 adams20420 sssd[be[default]]: Failed to set LDAP SASL nocanon option to true. If your system is configured to use SASL, LDAP operations might fail.
Jan 9 10:29:24 adams20420 kdm: :1[4560]: PAM pam_parse: expecting return value; [...sufficeint]
Jan 9 10:29:24 adams20420 kdm: :1[4560]: PAM unable to dlopen(/lib64/security/pam_console.so): /lib64/security/pam_console.so: cannot open shared object file: No such file or directory
Jan 9 10:29:24 adams20420 kdm: :1[4560]: PAM adding faulty module: /lib64/security/pam_console.so
Jan 9 10:29:24 adams20420 kdm: :1[4560]: pam_ldap: ldap_starttls_s: Operations error
Jan 9 10:29:24 adams20420 kdm: :1[4560]: pam_unix(kde:auth): authentication failure; logname= uid=0 euid=0 tty=:1 ruser= rhost= user=igierl1
这是 pam.d/kdm
auth required pam_env.so
auth substack system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session required pam_loginuid.so
session optional pam_console.so
session optional pam_keyinit.so force revoke
session required pam_namespace.so
session include system-auth
系统认证:
auth sufficient pam_ldap.so
auth required pam_env.so
auth required pam_unix.so try_first_pass likeauth nullok
auth optional pam_permit.so
account sufficient pam_ldap.so
account required pam_unix.so
account optional pam_permit.so
password sufficeint pam_ldap.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password optional pam_permit.so
session required pam_limits.so
session required pam_env.so
session required pam_unix.so
session optional pam_ldap.so
session optional pam_permit.so
答案1
您拼写错误sufficient为sufficeint。/etc/pam.d/system-auth
而且您似乎并没有直接使用 sssd;您调用了pam_ldap.so而不是pam_sss.so。