Authentication problems with ldap

Whittier, Kevin CTR 63134 kevin.whittier.ctr at navy.mil
Mon Sep 22 18:22:18 UTC 2008


This works for my environment:

auth       required     pam_env.so
auth       sufficient   pam_unix.so audit
auth       sufficient   pam_ldap.so use_first_pass
# pam_ldap acct verifies host in ldap user's ACL and returns IGNORE if non-ldap.
# pam_unix acct succeeds w/o checking ACL if put 1st as pam_ldap auth would
#          have already retrieved user's passwd and shadow info.
account    required     pam_ldap.so ignore_unknown_user ignore_authinfo_unavail
account    required     pam_tally.so deny=3 no_magic_root reset
account    sufficient   pam_unix.so audit
password   requisite    pam_cracklib.so retry=3 minlen=14 lcredit=-2 ocredit=-2 ucredit=-2 dcredit=-2
password   sufficient   pam_ldap.so use_authtok
password   sufficient   pam_unix.so use_authtok shadow md5 audit
# pam_ldap session, pam_sm_open_session(), closes any remaining ldap connection.
session    required     pam_limits.so
session    required     pam_mkhomedir.so skel=/etc/skel umask=0022
session    required     pam_unix.so audit
session    required     pam_ldap.so

Kevin


From: Lynn York
Sent: Mon 9/22/2008 11:02 AM
To: Pluggable Authentication Modules
Subject: RE: Authentication problems with ldap
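
The ordering point made in the comments of the posted account stack, as an added example that is not part of the original message: a simplified Python model of how Linux-PAM handles the required, requisite, sufficient and optional control flags, run over the posted order and over a pam_unix-first order. The module result codes and the two sample users are constructed assumptions.

```python
# Simplified model of Linux-PAM control-flag handling (added example).
# Module results are constructed assumptions, not output of the real modules.
ACTIONS = {  # control flag -> {module result: action}; "default" covers the rest
    "required":   {"success": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
    "optional":   {"success": "ok", "default": "ignore"},
}

def run_stack(stack, results):
    """Evaluate one management group; return (final result, modules called)."""
    impression, status, called = None, "failure", []  # fail if nothing decides
    for control, module in stack:
        result = results[module]
        called.append(module)
        table = ACTIONS[control]
        action = table.get(result, table["default"])
        if action in ("ok", "done"):
            if impression is None:          # first definite result is a success
                impression, status = "positive", result
            if impression == "positive" and action == "done":
                break                       # sufficient success ends the stack
        elif action in ("bad", "die"):
            if impression != "negative":    # first failure is the one reported
                impression, status = "negative", result
            if action == "die":
                break                       # requisite failure ends the stack
    return status, called

# Account stack in the order posted, and with pam_unix moved to the top.
POSTED = [("required", "pam_ldap"), ("required", "pam_tally"),
          ("sufficient", "pam_unix")]
UNIX_FIRST = [("sufficient", "pam_unix"), ("required", "pam_ldap"),
              ("required", "pam_tally")]

# Constructed users: LDAP account not permitted on this host, and a local account.
LDAP_USER_WRONG_HOST = {"pam_ldap": "perm_denied", "pam_tally": "success",
                        "pam_unix": "success"}
LOCAL_USER = {"pam_ldap": "ignore", "pam_tally": "success", "pam_unix": "success"}

if __name__ == "__main__":
    for name, stack in (("posted", POSTED), ("unix_first", UNIX_FIRST)):
        print(name, run_stack(stack, LDAP_USER_WRONG_HOST), run_stack(stack, LOCAL_USER))
```

With pam_unix first, the stack returns success after one module and the pam_ldap host check is never called; in the posted order the LDAP denial is the reported result while the local user still passes.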

