problem with command order in auth block
Michael Hamann
mail at mhamann.net
Tue May 10 10:53:27 UTC 2005
With the help of Narayana Pattipati I finally found a solution for my
problem below:
My auth block in my pam configuration looks now like:
auth sufficient pam_unix.so debug audit
auth required pam_winbind.so use_first_pass debug
auth required pam_storepw.so
auth required pam_nologin.so
auth required pam_env.so
The only problem here is that the password is even stored if the
authentication fails... But in this case the username/password combination
is wrong so thats not a real problem.
But my new problem is now (I don´t know if it is a real pam problem) that
when I try to add a local user to my system, the adduser util tries to set
a new password for the user created. Here pam directs him to winbind which
then tries to change the password for a non extistent user on my windows
server.
So this fails with an error and means that I´m also not able to change
passwords for local users.
Would it be possible to
my common-password:
password sufficient pam_winbind.so debug
password required pam_unix.so use_authtok obscure md5 shadow
password required pam_deny.so
Would it be possible to combine the possability to change local and remote
passwords - maybe depending on parameters ?
Thanks for any hints...
Michael
> I´m playing with some pam modules to set up a linux workstation system
integrated in an active directory including the mapping of home and
groupdirectories.
>
> To mount the shares after login I need to save the password temporarily
what I do with a pam modules pam_storepw in the "auth" section.
>
> Almost everything works fine for me except the fact that I can´t combine
winbind and unix authentication plus the pam_storepw module.
More information about the Pam-list
mailing list