After modifying system-auth as you suggested ( I removed the ldap
definitions from system-auth and reordered the sssd definitions),
authok size came with the value 10
and caching is working now. Thanks for your help.
I have another question; I also had to comment #ldap_pwd_policy = shadow
If I don't comment ldap_pwd_policy = shadow line I got below errors even
I have ShadowExpire and ShadowLastChange attriutes set.
(Fri Nov 18 16:00:14 2011) [sssd[be[ldaptest.jazzythemartian.com]]]
[get_port_status] (7): Port status of port 636 for server '
ldaptest.jazzythemartian.com' is 'working'
(Fri Nov 18 16:00:14 2011) [sssd[be[ldaptest.jazzythemartian.com]]]
[get_server_status] (7): Status of server 'ldaptest.jazzythemartian.com' is
'working'
(Fri Nov 18 16:00:14 2011) [sssd[be[ldaptest.jazzythemartian.com]]]
[be_resolve_server_done] (4): Found address for server
ldaptest.jazzythemartian.com: [172.16.50.123]
(Fri Nov 18 16:00:14 2011) [sssd[be[ldaptest.jazzythemartian.com]]]
[fo_set_port_status] (4): Marking port 636 of server '
ldaptest.jazzythemartian.com' as 'working'
(Fri Nov 18 16:00:14 2011) [sssd[be[ldaptest.jazzythemartian.com]]]
[set_server_common_status] (4): Marking server 'ldaptest.jazzythemartian.com'
as 'working'
(Fri Nov 18 16:00:14 2011) [sssd[be[ldaptest.jazzythemartian.com]]]
[find_password_expiration_attributes] (1): No shadow password attributes
found, but shadow password policy was requested.
(Fri Nov 18 16:00:14 2011) [sssd[be[ldaptest.jazzythemartian.com]]]
[get_user_dn] (1): find_password_expiration_attributes failed.
(Fri Nov 18 16:00:14 2011) [sssd[be[ldaptest.jazzythemartian.com]]]
[be_pam_handler_callback] (4): Backend returned: (3, 4, <NULL>) [Internal
Error (System error)]
(Fri Nov 18 16:00:14 2011) [sssd[be[ldaptest.jazzythemartian.com]]]
[be_pam_handler_callback] (4): Sending result [4][
ldaptest.jazzythemartian.com]
(Fri Nov 18 16:00:14 2011) [sssd[be[ldaptest.jazzythemartian.com]]]
[be_pam_handler_callback] (4): Sent result [
4][ldaptest.jazzythemartian.com]
On Fri, Nov 18, 2011 at 3:42 PM, Jan Zeleny <jzeleny(a)redhat.com> wrote:
Aziz Sasmaz <aziz.sasmaz(a)gmail.com> wrote:
> I am sure I am not sending zero-length pass. Can it be beacuse of the
> system-auth configuration?
Probably, you are using:
auth sufficient pam_sss.so use_first_pass
before pam_unix line. I suggest either moving it after that line or
deleting
the use_first_pass argument
Thanks
Jan