Howdy,
Do we need to restart any service after making changes to pam modules? I have changed system-auth config, but not sure if I need to restart any service after making changes, e.g. ssh which uses pam. Any help?
-- Thanks, CS.
On Mon, 30 Aug 2010, Carlos S wrote:
Howdy,
Do we need to restart any service after making changes to pam modules? I have changed system-auth config, but not sure if I need to restart any service after making changes, e.g. ssh which uses pam. Any help?
Depends on what changes you made...
<obligatory-plea-for-more-information/>
Changed system-auth config to use LDAP.
The sshd config is configured to use PAM. I am not sure whether it loads that file at daemon start or refers to it every time a login attempt with password is made.
When would it be requiring restart in general?
-- CS.
On Mon, Aug 30, 2010 at 12:41 PM, Paul Heinlein heinlein@madboa.com wrote:
On Mon, 30 Aug 2010, Carlos S wrote:
Howdy,
Do we need to restart any service after making changes to pam modules? I have changed system-auth config, but not sure if I need to restart any service after making changes, e.g. ssh which uses pam. Any help?
Depends on what changes you made...
<obligatory-plea-for-more-information/>
-- Paul Heinlein <> heinlein@madboa.com <> http://www.madboa.com/
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Carlos S wrote:
Changed system-auth config to use LDAP.
The sshd config is configured to use PAM. I am not sure whether it loads that file at daemon start or refers to it every time a login attempt with password is made.
When would it be requiring restart in general?
I think you need to restart sshd.
mark
At Mon, 30 Aug 2010 14:26:29 -0400 CentOS mailing list centos@centos.org wrote:
Carlos S wrote:
Changed system-auth config to use LDAP.
The sshd config is configured to use PAM. I am not sure whether it loads that file at daemon start or refers to it every time a login attempt with password is made.
When would it be requiring restart in general?
I think you need to restart sshd.
No. You only need to restart sshd when you change /etc/ssh/sshd_config. Changing PAM to use LDAP does not affect the *running* sshd process(es). sshd consults PAM at each login time. PAM then loads in its LDAP module, etc. as needed. Oh, don't forget: /etc/nsswitch.conf needs to be updated and /etc/ldap.conf needs to be properly set up.
On Mon, 30 Aug 2010, Carlos S wrote:
Changed system-auth config to use LDAP.
The sshd config is configured to use PAM. I am not sure whether it loads that file at daemon start or refers to it every time a login attempt with password is made.
When would it be requiring restart in general?
Make sure you restart nscd before trying anything else.
If
* you're doing LDAP over SSL,
* you've configured LDAP to verify peers against a CA certificate,
* that cert was not in place when you did the system-auth changes,
then sometimes a reboot seems the easiest way out.
I suspect that I haven't played enough with tricks like "telinit u" to figure out the real magic. All I know is that a mid-stream switch to LDAP/SSL doesn't always "take" easily.
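The files named in the replies above (sshd_config, system-auth, /etc/nsswitch.conf, /etc/ldap.conf and the CA certificate for LDAP over SSL) checked by one script, as an added example that is not part of the original thread. check_ldap_auth, its root-prefix argument and the sample tree are assumptions, and the ldap.conf keys assume the nss_ldap/pam_ldap file format.

```shell
#!/bin/sh
# Added example. check_ldap_auth and its ROOT prefix are hypothetical names;
# ROOT lets the check run against a copy of /etc instead of the live host.
conf_value() {  # value of the first uncommented "key value" line; $1=file $2=key
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1" 2>/dev/null
}
fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

check_ldap_auth() {  # $1=ROOT; prints findings, returns the number of problems
    root=$1; problems=0
    # Per the thread: sshd_config is read at sshd start, PAM at each login.
    [ "$(conf_value "$root/etc/ssh/sshd_config" UsePAM)" = yes ] ||
        fail "sshd_config: UsePAM is not yes (changing it needs an sshd restart)"
    for stack in auth account; do
        grep -Eq "^[[:space:]]*$stack[[:space:]].*pam_ldap\.so" \
            "$root/etc/pam.d/system-auth" 2>/dev/null ||
            fail "system-auth: no pam_ldap.so in the $stack stack"
    done
    for db in passwd shadow group; do
        grep -Eq "^[[:space:]]*$db:(.*[[:space:]])?ldap([[:space:]]|\$)" \
            "$root/etc/nsswitch.conf" 2>/dev/null ||
            fail "nsswitch.conf: $db does not list ldap"
    done
    # LDAP over SSL with peer verification: the CA cert must already be in place.
    lc="$root/etc/ldap.conf"
    case $(conf_value "$lc" uri) in ldaps://*)
        if [ "$(conf_value "$lc" tls_checkpeer)" = yes ]; then
            ca=$(conf_value "$lc" tls_cacertfile)
            { [ -n "$ca" ] && [ -s "$root$ca" ]; } ||
                fail "ldap.conf: tls_checkpeer yes, CA file '${ca:-unset}' missing"
        fi ;;
    esac
    return "$problems"
}

make_sample_root() {  # constructed sample tree, not taken from the thread
    r=$(mktemp -d) && mkdir -p "$r/etc/ssh" "$r/etc/pam.d" "$r/etc/pki" || return 1
    echo "UsePAM yes" > "$r/etc/ssh/sshd_config"
    printf 'auth sufficient pam_ldap.so\naccount sufficient pam_ldap.so\n' \
        > "$r/etc/pam.d/system-auth"
    printf 'passwd: files ldap\nshadow: files ldap\ngroup: files\n' \
        > "$r/etc/nsswitch.conf"
    printf 'uri ldaps://ldap.example.com/\ntls_checkpeer yes\n' > "$r/etc/ldap.conf"
    echo 'tls_cacertfile /etc/pki/ca.pem' >> "$r/etc/ldap.conf"
    echo "$r"
}
# Usage: r=$(make_sample_root); check_ldap_auth "$r"; echo "$? problem(s)"
```

On the constructed tree it reports the `group` database without ldap and the missing CA file; run it with an empty ROOT to check the live /etc.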
Thanks for the replies everyone.
It seems to be working without any sshd restart.
Also, I changed ldap conf to a non-standard location for some debugging. It still uses same ldap url over ssl, so I didn't have to restart nscd. But it's good to know of potential pitfalls.
-- CS.
On Mon, Aug 30, 2010 at 3:25 PM, Paul Heinlein heinlein@madboa.com wrote:
On Mon, 30 Aug 2010, Carlos S wrote:
Changed system-auth config to use LDAP.
The sshd config is configured to use PAM. I am not sure whether it loads that file at daemon start or refers to it every time a login attempt with password is made.
When would it be requiring restart in general?
Make sure you restart nscd before trying anything else.
If
* you're doing LDAP over SSL,
* you've configured LDAP to verify peers against a CA certificate,
* that cert was not in place when you did the system-auth changes,
then sometimes a reboot seems the easiest way out.
I suspect that I haven't played enough with tricks like "telinit u" to figure out the real magic. All I know is that a mid-stream switch to LDAP/SSL doesn't always "take" easily.
-- Paul Heinlein <> heinlein@madboa.com <> http://www.madboa.com/