From owner-freebsd-stable@FreeBSD.ORG Wed Nov 10 18:41:13 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4616C16A4CE for ; Wed, 10 Nov 2004 18:41:13 +0000 (GMT) Received: from gundel.de.clara.net (gundel.de.clara.net [212.82.225.86]) by mx1.FreeBSD.org (Postfix) with ESMTP id A5FEF43D1F for ; Wed, 10 Nov 2004 18:41:12 +0000 (GMT) (envelope-from cm@de.clara.net) Received: from port-212-202-52-250.dynamic.qsc.de ([212.202.52.250] helo=turbofresse) by gundel.de.clara.net with smtp (Exim 4.30; FreeBSD) id 1CRxbf-000C9a-BT; Wed, 10 Nov 2004 19:54:11 +0100 Message-ID: <000501c4c754$d8adddf0$45fea8c0@turbofresse> From: To: "Patrick Okui" References: <2627048885E8BF7F8DCDCFD2@jesk.int.de.clara.net> <200411102021.18553.pokui@psg.com> Date: Wed, 10 Nov 2004 19:41:09 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 cc: freebsd-stable@freebsd.org Subject: Re: Pam Authorization Problem X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Nov 2004 18:41:13 -0000 > huh? as in a user that more or less does *not* exist on your system can log > in? do you have any other authentication modules that the system falls to? Sure, authentication is enabled too, but i want to limit access through authorization. here my whole pam.d/sshd configuration: --- # auth auth required pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass # account account required pam_login_access.so account sufficient /usr/local/lib/pam_ldap.so account required pam_unix.so # session session required pam_permit.so # password password required pam_unix.so no_warn try_first_pass --- when i login to the system i become the message: --- You must be a uniqueMember of cn=klever,ou=hosts,dc=xxx,dc=xxx,dc=xxx to login. --- but exactly this is not true, then why i can login?