[389-users] PAM PTA partially working
Prashanth Sundaram
psundaram at wgen.net
Tue Sep 22 14:42:19 UTC 2009
Here is my /etc/pam.d/ldapserver
auth sufficient /lib/security/pam_krb5.so use_first_pass
forwardable
password sufficient /lib/security/pam_krb5.so use_authtok
session optional /lib/security/pam_krb5.so
account sufficient /lib/security/pam_krb5.so
~
~
To revisit, here's the observation: pamsecure when set to TRUE authenticates
users only to the password in 389-ds, but when set to FALSE will
authenticate to the AD password only if the uid exists in /etc/passwd.
On 9/22/09 10:36 AM, "Rich Megginson" <rmeggins at redhat.com> wrote:
> Prashanth Sundaram wrote:
>> The account in /etc/passwd..
> Seems like a pam problem and/or misconfiguration then - if it finds the
> entry using pam_krb5, it should never look at /etc/passwd.
>>
>> ------------------------------------------------------------------------
>> Prashanth Sundaram wrote:
>>
>>
>> Yes, it works when there is a matching local user account.
>>
>> do you mean an account in /etc/passwd? or an account in LDAP?
>>
>> ------------------------------------------------------------------------
>>
>> --
>> 389 users mailing list
>> 389-users redhat com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>>
>
More information about the Fedora-directory-users
mailing list