Can log in with either local(shadow) or ldap password
Orion Poplawski
orion at cora.nwra.com
Thu Feb 5 21:38:49 UTC 2009
On our laptops we have local users defined in /etc/shadow for offline use. We
also authenticate against an LDAP server. Interestingly, when on the network a
user can log in with either the local or ldap password. I would have expected
only the local password to work. I believe this was the case when we used NIS
instead of LDAP.

system-auth:
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

/etc/nsswitch.conf
shadow: files ldap

- Orion
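
How the control flags in the quoted system-auth stack are evaluated, as an added example that is not part of the original message: a simplified Python model of `required`, `requisite` and `sufficient`, run against the five auth lines above. The passwords, uids and the `login` helper are constructed for illustration; the model assumes the user has a local shadow entry, that `pam_env` always succeeds, and it ignores `nullok` and the nsswitch `shadow:` line.

```python
# Simplified model of Linux-PAM control flags, applied to the auth stack
# quoted in the post. Passwords and uids below are constructed samples.
STACK = [
    ("required", "pam_env"),
    ("sufficient", "pam_unix"),
    ("requisite", "pam_succeed_if"),  # uid >= 500
    ("sufficient", "pam_ldap"),
    ("required", "pam_deny"),
]

def run_stack(stack, module_ok):
    """Return (granted, modules_consulted) for one authentication attempt."""
    required_failed = False
    consulted = []
    for control, module in stack:
        ok = module_ok[module]
        consulted.append(module)
        if control == "sufficient":
            # Success ends the stack at once unless a required module
            # already failed; failure is ignored and the stack continues.
            if ok and not required_failed:
                return True, consulted
        elif control == "requisite":
            if not ok:
                return False, consulted
        elif control == "required":
            if not ok:
                required_failed = True  # remembered, stack keeps running
        else:
            raise ValueError(f"unsupported control flag: {control}")
    return not required_failed, consulted

def login(password, uid=1000, on_network=True,
          local_pw="local-secret", ldap_pw="ldap-secret"):
    """Hypothetical helper: module outcomes for one user and one password."""
    module_ok = {
        "pam_env": True,
        "pam_unix": password == local_pw,   # local shadow entry assumed
        "pam_succeed_if": uid >= 500,
        "pam_ldap": on_network and password == ldap_pw,
        "pam_deny": False,                  # always fails
    }
    return run_stack(STACK, module_ok)

if __name__ == "__main__":
    print("local pw:", login("local-secret"))
    print("ldap pw:", login("ldap-secret"))
    print("ldap pw, offline:", login("ldap-secret", on_network=False))
    print("ldap pw, uid 0:", login("ldap-secret", uid=0))
```

In this model a failed `pam_unix` check falls through to `pam_ldap` because both lines are `sufficient`, so the stack grants access when either module accepts the password.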