[Classic-discuss] can't login locally without openldap running
Rolf Deenen
rdeenen at home.nl
Mon Mar 5 10:59:22 UTC 2007
Hello Mikael,
I am sorry I replied to you directly. I didn't notice. Should we continue
this thread on the list?
When writing my last reply I asked myself whether I should make note
of the fact that I normally can't log in to ssh as root directly, but
during testing I had left this option open :-) .
I will verify whether I am able to log in locally this evening and let you
know.
Thanks,
Rolf
On Mon, March 5, 2007 11:27, Mikael Bak wrote:
> On Monday 05 March 2007 11:02, Rolf Deenen wrote:
>
>> Hi Mikael, list,
>>
>>
>
> Hi,
> The list never got your message :-)
>
>
>> Thanks for the reply. I asked this question because I am concerned that
>> in the case of a failure with ldap (like an error in my security setup,
>> locking myself out or a network error preventing openldap from starting,
>> which has happened to me in the recent past) I won't be able to log in as
>> root to troubleshoot and fix the problem. I am not intending to turn off
>> ldap.
>>
>
> I see.
>
>
>> To clarify my problem I did the following test today. I am not at home
>> now so I did it through ssh. The problem is the same when sitting by
>> the console.
>>
>> 1. Using ssh I log in to the server as root. This works fine.
>> 2. As root I execute: service ldap stop.
>> 3. Now I start a second ssh session and I try to log in as root.
>> 4. Now it gives me "access denied" 3 times, then the connection is
>> terminated.
>> 5. When, in my first ssh session, I start ldap again, I am
>> able to log in as root.
>>
>
> First of all, I always turn off the possibility to directly log in as
> root via ssh. I always have an extra user (in /etc/passwd) who is able to
> log in and then I use "su -" to turn myself into root. This is for
> security.
>
> I tried exactly what you described. The only difference is that I can't
> login directly as root. So I did this:
>
> 1. ssh to my box as normal user in /etc/passwd (let's call this user
> mikael)
> 2. su -
> 3. service ldap stop
> 4. new ssh session and log in as mikael - success
> 5. su - (su: incorrect password)
>
>
> If I turn on LDAP again from the other console then I'm able to su -.
>
>
> It seems to me that it's a problem with root privileges when the LDAP is
> turned off. I will take a look at this.
>
> Can you confirm similar behaviour?
> Additionally, can you please check if you're able to log in from console? I
> do not have physical access to my machine, so I can't check that.
>
> Mikael
>
>