[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: LDAP authentication with PAM

>>>>> "Wichert" == Wichert Akkerman <wichert@cistron.nl> writes:

    Wichert> auth sufficient pam_unix.so auth required pam_ldap.so
    Wichert> try_first_pass

Just curious: what is preferred: try_first_pass or use_first_pass?

from December last year on heimdal-discuss:

>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@ubsw.com> writes:

    Nicolas> All of them do. The use_first_password argument tells the
    Nicolas> given module to use the first password the user typed in
    Nicolas> and prompt for no other passwords, even if the first
    Nicolas> password was incorrect.

    Nicolas> As opposed to try_first_password which tells the given
    Nicolas> module to try the first password typed in by the user and
    Nicolas> that, if that password is incorrect, then the module is
    Nicolas> free to prompt for additional passwords.

So use_first_password is more flexible in that the passwords on the
two different systems could be different, but might cause confusion
if/when two prompts are displayed.

(now that is something that I can't see documented anywhere).
-- 
Brian May <bam@debian.org>
Reply to: