> auth [success=1 default=ignore] pam_unix.so > auth required pam_ldap.so use_first_pass > auth required pam_permit.so > The third line is needed, so "success=1" can skip over one module and > still has a module to jump to. Without that, PAM segfaults! > > - If you want to use the "pam_check_host_attr" feature, make sure > "pam_unix.so" doesn't provide a valid "account" via the Name Service > Switch (NSS), which overrides your LDAP configuration. Don't use "ldap" > for "shadow" in /etc/nsswitch.conf, just use "shadow: files". For PAM, > use something like the following: > # Try local /etc/shadow first and skip LDAP on success > account [success=1 default=ignore] pam_unix.so > account required pam_ldap.so > account required pam_permit.so Das habe ich ausprobiert. Nur funktioniert ein login damit nicht. Weder lokale noch LDAP-User können sich einloggen. Klemens -- Klemens Kittan Systemadministrator Uni-Potsdam, Inst. f. Informatik August-Bebel-Str. 89 14482 Potsdam Tel. : +49-331-977/3125 Fax. : +49-331-977/3122 eMail : kittan@cs.uni-potsdam.de gpg --recv-keys --keyserver wwwkeys.de.pgp.net 6EA09333
Attachment:
pgpkXNvlzXTb7.pgp
Description: PGP signature