[FC2] pam_ldap and root user

ALBANI damiano damiano.albani at univ-lr.fr
Thu May 27 10:30:49 UTC 2004


Hello,

When I try to log in as root, the PAM stack uses LDAP to check the password.
How can I prevent this? I'd like to have a set of local users, so that
PAM looks up in LDAP only if the user doesn't exist on the system.
I've put pam_unix.so everywhere as 'sufficient' and before pam_ldap.so,
but to no avail :(

Here is my /etc/pam.d/system-auth:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_mount.so
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok use_first_pass
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100
account     sufficient    /lib/security/$ISA/pam_unix.so
account     [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_mount.so
session     sufficient    /lib/security/$ISA/pam_unix.so
session     sufficient    /lib/security/$ISA/pam_ldap.so


Thanks a lot,

-- 
Damiano ALBANI
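A simplified model of how Linux-PAM walks a stack, added here as an example and not part of the original post or any reply on the list: it replays the auth section above with the control-flag semantics (a failed 'sufficient' module is ignored and control passes on) and reports which modules get consulted for a user that pam_unix rejects. GATED_STACK, with a requisite pam_succeed_if line in front of pam_ldap, is a hypothetical variant used only to show how a gate changes the walk; module names are shorthand for the modules in the posted file.

```python
# Added example (not from the list): a simplified model of how Linux-PAM walks an
# auth stack. Module names are shorthand for the posted system-auth's modules.
SUCCESS, AUTH_ERR, USER_UNKNOWN = "success", "auth_err", "user_unknown"
# Classic keywords expressed as the [value=action] pairs Linux-PAM uses.
CLASSIC = {
    "required":   {"success": "ok",   "default": "bad"},
    "requisite":  {"success": "ok",   "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
    "optional":   {"success": "ok",   "default": "ignore"},
}

def run_stack(stack, results):
    """stack: (control, module) pairs; control is a keyword above or an explicit dict
    such as {"default": "bad", "success": "ok", "user_unknown": "ignore"}.
    results: module -> return value for this login (missing modules fail).
    Returns (final_result, modules_consulted); nothing decided counts as denied."""
    consulted, status = [], None          # None: no module has decided yet
    for control, module in stack:
        actions = CLASSIC[control] if isinstance(control, str) else control
        rv = results.get(module, AUTH_ERR)
        consulted.append(module)
        action = actions.get(rv, actions.get("default", "bad"))
        if action in ("ok", "done"):
            if status is None:            # success never overrides an earlier failure
                status = SUCCESS
            if action == "done" and status == SUCCESS:
                break                     # 'sufficient' short-circuits only when clean
        elif action in ("bad", "die"):
            if status in (None, SUCCESS):  # keep the first failure's return code
                status = rv
            if action == "die":
                break                     # 'requisite' aborts the stack at once
        # "ignore": a failed 'sufficient' module simply passes control onward
    return (status if status is not None else AUTH_ERR), consulted

# The auth section of the posted system-auth, control flags unchanged.
AUTH_STACK = [("required", "pam_mount"), ("required", "pam_env"),
              ("sufficient", "pam_unix"), ("sufficient", "pam_ldap"),
              ("required", "pam_deny")]

# Hypothetical variant: a requisite pam_succeed_if gate before pam_ldap, so that
# uid < 100 accounts that pam_unix rejected are denied without an LDAP bind
# (pam_succeed_if needs NSS to resolve the user for its uid test).
GATED_STACK = AUTH_STACK[:3] + [("requisite", "pam_succeed_if")] + AUTH_STACK[3:]

def login(stack, unix_rv, uid):
    """One login: pam_unix returns unix_rv; the gate passes iff uid >= 100; LDAP accepts."""
    results = {"pam_mount": SUCCESS, "pam_env": SUCCESS, "pam_unix": unix_rv,
               "pam_succeed_if": SUCCESS if uid >= 100 else AUTH_ERR, "pam_ldap": SUCCESS}
    return run_stack(stack, results)
```

Compare login(AUTH_STACK, AUTH_ERR, 0) with login(AUTH_STACK, SUCCESS, 0): pam_ldap is consulted exactly when pam_unix rejects the password, whatever the uid.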
