The officially official Devuan Forum!

You are not logged in.

#1 2019-11-29 12:52:52

devlan
Member
Registered: 2019-08-17
Posts: 13  

slim does not evaluate pam_group settings

Hello,

I have an LDAP setup with Devuan ascii with libpam_ldap and libnss_ldap. "getent group" and "getent passwd" delivers the LDAP groups and users. To get local groups like audio, plugdev etc. assigned to the LDAP users I configured pam_group.so:

cat /etc/security/group.conf:
*;*;%DOMAINUSERS;Al0000-2400;plugdev,audio,cdrom,dialout,floppy,dip,video,netdev

cat /etc/pam.d/common-auth:
...
# here are the per-package modules (the "Primary" block)
auth    required                        pam_group.so use_first_pass
auth    [success=2 default=ignore]    pam_unix.so nullok_secure try_first_pass
auth    [success=1 default=ignore]    pam_ldap.so use_first_pass
...

When I now login to slim login manager with an LDAP user and afterwards check my groups in a terminal I only get the LDAP groups but not the local groups:
~$ groups
STUDENTS DOMAINUSERS 5A 5B 5C 5D 6A 6B 6C 6D 7A 7B 7C 7D 8A 8B 8C 8D 9A 9B 9C 9D 10A 10B 10C 10D 11A 11B 11C 11D 12

When I login with ssh I get the local groups:
~$ groups
STUDENTS dialout cdrom floppy audio dip video plugdev netdev DOMAINUSERS 5A 5B 5C 5D 6A 6B 6C 6D 7A 7B 7C 7D 8A 8B 8C 8D 9A 9B 9C 9D 10A 10B 10C 10D 11A 11B 11C 11D 12

How do I tell slim to honor pam_group?

Thanks!

Offline

Board footer