Bugzilla – Bug 1211727
[doc] Issue in "Configuring PAM using pam-config"
Last modified: 2024-03-14 10:12:51 UTC
Configuring PAM using pam-config: https://documentation.suse.com/sles/15-SP4/html/SLES-all/cha-pam.html#sec-pam-pam-config This paragraph mentions LDAP as an example of authentication method when using pam-config. pam-config even lists pam_ldap as a supported module, which, however, isn't available anymore in SLES15 SP4. ---%>--- # pam-config --list | grep ldap pam_ldap.so # pam-config --add --ldap ERROR: module /lib64/security/pam_ldap.so is not installed. ---%<--- I ignore why pam-config still lists pam_ldap, but that's perhaps a matter for a separate bug report or discussion. Thank you
Thank you for reporting this bug! It is being tracked and processed as part of our queue.
Tested on a 15.4 VM: Supported common modules: pam_access.so pam_apparmor.so pam_ccreds.so pam_cracklib.so pam_deny.so pam_ecryptfs.so pam_env.so pam_exec.so pam_fp.so pam_fprint.so pam_fprintd.so pam_gnome_keyring.so pam_group.so pam_krb5.so pam_kwallet5.so pam_ldap.so pam_limits.so pam_localuser.so pam_make.so pam_mkhomedir.so pam_mktemp.so pam_nam.so pam_passwdqc.so pam_pkcs11.so pam_pwcheck.so pam_pwhistory.so pam_selinux.so pam_ssh.so pam_sss.so pam_succeed_if.so pam_systemd.so pam_thinkfinger.so pam_umask.so pam_unix.so pam_unix2.so pam_winbind.so Supported service modules: pam_ck_connector.so pam_cryptpass.so pam_csync.so pam_keyinit.so pam_lastlog.so pam_loginuid.so pam_mount.so pam_google_authenticator.so amrita@localhost:~>
amrita@localhost:~> sudo pam-config --list | grep ldap pam_ldap.so
Hi Manuel, Can you please share , what other authentication menthod can be used as an example in place of ldap in the example use case? Thanks Amrita
amrita@localhost:~> sudo pam-config --add --ldap ERROR: module /lib64/security/pam_ldap.so is not installed. pam-config: invalid option -- --ldap Try `pam-config --help' or `pam-config --usage' for more information.
Hi William, Need your insights on what auth method can be used as an example instead of LDAP Thanks Amrita
(In reply to Amrita Sakthivel from comment #4) > Hi Manuel, > > Can you please share , what other authentication menthod can be used as an > example in place of ldap in the example use case? > > Thanks > Amrita Hi Amrita, For reference, the case where I saw this issue is: https://suse.lightning.force.com/lightning/r/Case/5005q00000RB3cwAAD/view 3:18 In some discussion with our colleagues, it was thought that sss was a better candidate for this: https://documentation.suse.com/sles/15-SP4/html/SLES-all/cha-security-auth.html https://documentation.suse.com/sles/15-SP4/html/SLES-all/cha-security-ldap.html#sec-security-ldap-server-sssd As a use case for chapter 2.5 of https://documentation.suse.com/sles/15-SP4/html/SLES-all/cha-pam.html#sec-pam-pam-config it would be more appropriate to mention sss in all commands instead of ldap. In addition, the body of that example text could link to this page which already mentions 'pam-config -a --sss': https://documentation.suse.com/sles/15-SP4/html/SLES-all/cha-security-ldap.html#sec-security-ldap-server-sssd Thank you
(In reply to Amrita Sakthivel from comment #6) > Hi William, > > Need your insights on what auth method can be used as an example instead of > LDAP > > Thanks > Amrita sssd with ldap should be used.
Merged into main and respective branches