su not giving proper message for restricted LDAP groups
Posted
by
user1743881
on Server Fault
See other posts from Server Fault
or by user1743881
Published on 2012-10-13T20:10:57Z
Indexed on
2012/10/13
21:40 UTC
Read the original article
Hit count: 312
I have configured PAM authentication on Linux box to restrict particular group only to login.
I have enabled pam and ldap through authconfig and modified access.conf
like below,
[root@test root]# tail -1 /etc/security/access.conf
- : ALL EXCEPT root test-auth : ALL
Also modified sudoers file, to get su for this group
<code>
[root@test ~]# tail -1 /etc/sudoers
%test-auth ALL=/bin/su</code>
Now, only this ldap group members can login to system.
However when from any of this authorized user, I tried for su, it asks for password and then though I enter correct password it gives message like Incorrect password and login failed.
/var/log/secure shows that user is not having permission to get the access, but then it should print message like Access denied.The way it prints for console login.
My functionality is working but its no giving proper messages. Could anyone please help on this.
My /etc/pam.d/su
file,
[root@test root]# cat /etc/pam.d/su
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth include system-auth
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so
© Server Fault or respective owner