Estes programas não respeitam o nsswitch?

Question

Estes programas não respeitam o nsswitch?

0

Eu configurei o LDAP e o nsswitch no Ubuntu e, até certo ponto, parece funcionar. Por exemplo, getent passwd lista contas do /etc/passwd e do servidor LDAP.

No entanto, por exemplo, id <user> , sudo -u <user> bash parece não reconhecer as contas do servidor LDAP. Será que esses programas só analisam /etc/passwd independentemente das configurações do nsswitch? Existem outros programas (importantes) que apenas analisam /etc/passwd dos quais eu deveria estar ciente?

meu /etc/nsswitch.conf é:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the 'glibc-doc-reference' and 'info' packages installed, try:
# 'info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

hosts:          files ldap mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Mas como getent parece reconhecer as contas do LDAP, não estou convencido de que nsswitch seja o problema.

Quanto à configuração pam , não sei exatamente o que devo procurar, para mim parece OK. grep "^[^#]" * dá

accountsservice:password   substack      common-password
accountsservice:password   optional      pam_pin.so
chfn:auth       sufficient  pam_rootok.so
chfn:@include common-auth
chfn:@include common-account
chfn:@include common-session
chpasswd:@include common-password
chsh:auth       required   pam_shells.so
chsh:auth       sufficient  pam_rootok.so
chsh:@include common-auth
chsh:@include common-account
chsh:@include common-session
common-account:account  [success=2 new_authtok_reqd=done default=ignore]    pam_unix.so 
common-account:account  [success=1 default=ignore]  pam_ldap.so 
common-account:account  requisite           pam_deny.so
common-account:account  required            pam_permit.so
common-auth:auth    [success=2 default=ignore]  pam_unix.so nullok_secure
common-auth:auth    [success=1 default=ignore]  pam_ldap.so use_first_pass
common-auth:auth    requisite           pam_deny.so
common-auth:auth    required            pam_permit.so
common-password:password    [success=2 default=ignore]  pam_unix.so obscure sha512
common-password:password    [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass
common-password:password    requisite           pam_deny.so
common-password:password    required            pam_permit.so
common-session:session  [default=1]         pam_permit.so
common-session:session  requisite           pam_deny.so
common-session:session  required            pam_permit.so
common-session:session optional         pam_umask.so
common-session:session  required    pam_unix.so 
common-session:session  optional            pam_ldap.so 
common-session:session  optional    pam_systemd.so 
common-session-noninteractive:session   [default=1]         pam_permit.so
common-session-noninteractive:session   requisite           pam_deny.so
common-session-noninteractive:session   required            pam_permit.so
common-session-noninteractive:session optional          pam_umask.so
common-session-noninteractive:session   required    pam_unix.so 
common-session-noninteractive:session   optional            pam_ldap.so 
cron:@include common-auth
cron:session    required     pam_loginuid.so
cron:session       required   pam_env.so
cron:session       required   pam_env.so envfile=/etc/default/locale
cron:@include common-account
cron:@include common-session-noninteractive 
cron:session    required   pam_limits.so
login:auth       optional   pam_faildelay.so  delay=3000000
login:auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
login:auth       requisite  pam_nologin.so
login:session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
login:session       required   pam_env.so readenv=1
login:session       required   pam_env.so readenv=1 envfile=/etc/default/locale
login:@include common-auth
login:auth       optional   pam_group.so
login:session    required   pam_limits.so
login:session    optional   pam_lastlog.so
login:session    optional   pam_motd.so  motd=/run/motd.dynamic noupdate
login:session    optional   pam_motd.so
login:session    optional   pam_mail.so standard
login:@include common-account
login:@include common-session
login:@include common-password
login:session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
newusers:@include common-password
other:@include common-auth
other:@include common-account
other:@include common-password
other:@include common-session
passwd:@include common-password
polkit-1:@include common-auth
polkit-1:@include common-account
polkit-1:@include common-password
polkit-1:session       required   pam_env.so readenv=1 user_readenv=0
polkit-1:session       required   pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0
polkit-1:@include common-session
ppp:auth    required    pam_nologin.so
ppp:@include common-auth
ppp:@include common-account
ppp:@include common-session
runuser:auth        sufficient  pam_rootok.so
runuser:session     optional    pam_keyinit.so revoke
runuser:session     required    pam_limits.so
runuser:session     required    pam_unix.so
runuser-l:auth      include     runuser
runuser-l:session       optional    pam_keyinit.so force revoke
runuser-l:-session  optional    pam_systemd.so
runuser-l:session       include     runuser
sshd:@include common-auth
sshd:account    required     pam_nologin.so
sshd:@include common-account
sshd:session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so close
sshd:session    required     pam_loginuid.so
sshd:session    optional     pam_keyinit.so force revoke
sshd:@include common-session
sshd:session    optional     pam_motd.so  motd=/run/motd.dynamic
sshd:session    optional     pam_motd.so noupdate
sshd:session    optional     pam_mail.so standard noenv # [1]
sshd:session    required     pam_limits.so
sshd:session    required     pam_env.so # [1]
sshd:session    required     pam_env.so user_readenv=1 envfile=/etc/default/locale
sshd:session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so open
sshd:@include common-password
su:auth       sufficient pam_rootok.so
su:session       required   pam_env.so readenv=1
su:session       required   pam_env.so readenv=1 envfile=/etc/default/locale
su:session    optional   pam_mail.so nopen
su:@include common-auth
su:@include common-account
su:@include common-session
sudo:session    required   pam_env.so readenv=1 user_readenv=0
sudo:session    required   pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0
sudo:@include common-auth
sudo:@include common-account
sudo:@include common-session-noninteractive
systemd-user:@include common-account
systemd-user:@include common-session-noninteractive
systemd-user:session optional pam_systemd.so

sudo pam ldap nsswitch

por skyking 24.10.2015 / 12:04

0 respostas

Tags sudo pam ldap nsswitch

Conexão ssh do PostgreSQL a partir da rede externa Como ativar o driver Realtek 8188ee no CentOS 6.7?