[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Two independant auth's desired for imap



This is probably an easy question, but I'm having troubles
getting the answer in my searches.

In my current imap pam config file I have this:

#%PAM-1.0
account     sufficient   pam_winbind.so
account     sufficient   pam_ldap.so
auth        sufficient    pam_winbind.so try_first_pass
auth        sufficient    pam_ldap.so try_first_pass debug
auth        required      pam_deny.so

This works for AD users and users stored in an Oracle LDAP database.

However what we are finding is that if I have an account on one
system and I can authenticate on the other, then I'm in.
The way I'd like it to work, using shell script analogy is:

account     sufficient   pam_ldap.so && auth        sufficient
pam_ldap.so try_first_pass debug

and likewise for winbind.

Is there a path to doing this in pam?

--Donald


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]