However, whenever I try to log in, I only get back to the login screen.
I tried ood@localhost, as well as other users (myself) that work fine with SSH on that box.
Whenever I enter the username by itself, it tells me “Failed to map user”, which is expected.
I’m sure I’m missing a small critical piece of this process.
The Apache module is installed as mod_authnz_pam.
And the HTTP service gives me error messages like this:
Jun 01 11:12:58 log01 httpd[109384]: pam_unix(ood:auth): check pass; user unknown
Jun 01 11:12:58 log01 httpd[109384]: pam_unix(ood:auth): authentication failure; logname= uid=48 euid=48 tty= ruser= rhost=10.17.0.186
Does it think that the ood user is UID 48? It isn’t. What am I missing?
Hello Again,
Thanks for that info. The actual issue I am experiencing is that authentication is not working at all for the moment. For now, I am trying to log in as the default ood user. This user has no SSH password set in the system, but the ood user exists. I try to log into the newly created system as “ood@localhost” with the default “password” as the pw, but I just get returned to the login screen. Not sure what I could be missing.
Thanks Gerald,
I notice that the error message says unknown user with UID 48, which happens to be the UID of Apache. Not sure why it is not using the UID of the login user.
In trying to replicate the install process, I started fresh on a new RHEL 8 system.
These are the steps I have taken. It currently produces an internal server error (500).
I know we’ve solved this before, I just don’t remember what was done.
This is what I did on the new system, following the instructions line by line.
Enable the modules and install the packages
yum module enable ruby:2.7
yum module enable nodejs:12
yum install ondemand ondemand-dex
This is BEFORE trying to configure PAM for authentication.
If I add the PAM configuration and reload the portal,
I get a login screen, but cannot authenticate.
Just looking to allow the ood user to log in to the dashboard for now.
I’m sure I’m missing something, just don’t know what it could be.
I am able to recreate the issue you are having. I will look into it tonight, but just a reminder, I will not be back in the office until Monday most likely.
There is different behaviour when you have ondemand-dex installed. You have it installed, so we assumed you’re using it and do a few things automatically.
Remove ondemand-dex RPM and we’ll stop making that assumption.
That said - we’re dropping support for PAM because it is so very incredibly insecure. Dex is a very good option if you have an LDAP to connect to.
Thanks to Jeff and Gerald, we are able to authenticate again.
Yes, we are still using PAM for this proof of concept.
However, once our IdM system is up we will switch to LDAP.