[FC2] pam_ldap and root user
Lionel LENOBLE
lenoble at cip.dauphine.fr
Tue Jun 1 12:24:30 UTC 2004
Here's mine:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
Hope that'll help!
Works fine for me :)
Lionel LENOBLE.
> Hello,
>
> When I try to log in as root, the PAM stack uses LDAP to check the
> password.
> How can I prevent this? I'd like to have a set of local users, so that
> PAM looks up in LDAP only if the user doesn't exist on the system.
> I've put everywhere pam_unix.so as 'sufficient' and before pam_ldap.so,
> but to no avail :(
>
> Here is my /etc/pam.d/system-auth :
>
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth required /lib/security/$ISA/pam_mount.so
> auth required /lib/security/$ISA/pam_env.so
> auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok use_first_pass
> auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
> auth required /lib/security/$ISA/pam_deny.so
>
> account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
> account sufficient /lib/security/$ISA/pam_unix.so
> account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
>
> password requisite /lib/security/$ISA/pam_cracklib.so retry=3
> password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
> password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
> password required /lib/security/$ISA/pam_deny.so
>
> session required /lib/security/$ISA/pam_limits.so
> session required /lib/security/$ISA/pam_mount.so
> session sufficient /lib/security/$ISA/pam_unix.so
> session sufficient /lib/security/$ISA/pam_ldap.so
>
>
> Thanks a lot,
>
> --
> Damiano ALBANI
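To see which modules a stack like the one in the reply consults for a local account such as root, here is a small stack evaluator, added as an example and not part of the original thread. It models only the ok, done, bad, die and ignore actions (no reset or jump counts), and the per-module return values passed to it are constructed.

```python
import re

# Control keywords in their bracket equivalents, per pam.conf(5).
OK = {"success": "ok", "new_authtok_reqd": "ok"}
KEYWORDS = {
    "required": {**OK, "ignore": "ignore", "default": "bad"},
    "requisite": {**OK, "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional": {**OK, "default": "ignore"},
}
LINE = re.compile(r"^(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")
# auth and account lines copied from the reply's stack.
STACK = """\
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
"""

def parse(text, group):
    """Return [(module file name, {return value: action})] for one group."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m and m.group(1) == group:
            ctl = m.group(2)
            actions = (dict(p.split("=", 1) for p in ctl.strip("[]").split())
                       if ctl.startswith("[") else KEYWORDS[ctl])
            entries.append((m.group(3).rsplit("/", 1)[-1], actions))
    return entries

def evaluate(entries, results):
    """results: constructed module -> return value. Returns (consulted, granted)."""
    consulted, failed, positive = [], False, False
    for module, actions in entries:
        consulted.append(module)
        # Assumption: a value with no entry and no default counts as bad.
        action = actions.get(results[module], actions.get("default", "bad"))
        if action in ("bad", "die"):
            failed = True
            if action == "die":
                break
        elif action in ("ok", "done") and not failed:
            positive = True
            if action == "done":  # sufficient success ends the stack here
                break
    return consulted, positive and not failed
```

With a correct local password the auth stack stops at pam_unix.so; pam_ldap.so is reached only when pam_unix.so fails, while the account stack always reaches pam_ldap.so and relies on `user_unknown=ignore` for local-only users.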