[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: sufficient account management checking for locally defined users



>  account    required     pam_unix.so
>  account    [default=die success=ok authinfo_unavail=ignore user_unknown=ignore] pam_ldap.so
>
>This means that pam_ldap can happily return PAM_USER_UNKNOWN, and PAM
>can then ignore this return value.  This works, but doesn't satisfy
>the policy I've outlined above.

You can also use the ignore_unknown_user option to pam_ldap, for
versions of PAM that do not support this extended configuration 
syntax.

-- luke

--
Luke Howard | lukehoward.com
PADL Software | www.padl.com





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []