Deprecating pam_stack.so
Tomas Mraz
tmraz at redhat.com
Wed Oct 12 09:10:56 UTC 2005
On Wed, 2005-10-12 at 11:05 +0200, Tomas Mraz wrote:
> On Wed, 2005-10-12 at 02:06 +0200, Bernardo Innocenti wrote:
> > Also, you can login as root with root's password from ldap
> > even tough there's a valid root entry in /etc/passwd.
> That's expected as both pam_ldap and pam_unix are sufficient entries.
> If you want to prevent that you can insert pam_succeed_if
I've forgot to finish this. You can insert pam_succeed_if in between
pam_unix and pam_ldap.
auth sufficient pam_unix.so .....
auth required pam_succeed_if.so uid != 0 quiet
auth sufficient pam_ldap.so .....
This way only the local unix password will work for root.
--
Tomas Mraz <tmraz at redhat.com>
More information about the fedora-devel-list
mailing list