[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Filter to AND with uid=%s



On Fri, Oct 06, 2000 at 12:58:53PM -0500, Kelli Wolfe wrote:
> Red Hat 7.0 changed to a "stack" system for the /etc/pam.d 
> files. These all point to system-auth, which only has pam_unix
> and pam_ldap in it.  I did look at the files you suggested and 
> they have pam_ldap and pam_unix for auth and then pam_ldap and 
> pam_pwdb for password.
> 
> I'm curious why going to pam_pwdb would be a bad thing?  Either
> one works for LDAP authentication, its just that the pam_pwdb
> doesn't get a password for an LDAP account, whereas pam_unix does.

This is one of the bigger problems, actually.  The account module in
pam_pwdb will return error codes if the user information is in a
database pwdb can't get to or doesn't know about, which rendered it
borderline-useless in the environment we had when I was in school.  We
were very happy when the current incarnation of pam_unix was released.

Does setting pam_unix and pam_ldap both to "required" and eliminating
the call to pam_deny below them, all in the "account" section of the
configuration file, solve the problem?  From a short peek at the sources,
it looks like it should....

Nalin





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []