Re: LDAP authentication with PAM
>>>>> "Wichert" == Wichert Akkerman <email@example.com> writes:
Wichert> auth sufficient pam_unix.so auth required pam_ldap.so
Just curious: what is preferred: try_first_pass or use_first_pass?
from December last year on heimdal-discuss:
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@ubsw.com> writes:
Nicolas> All of them do. The use_first_password argument tells the
Nicolas> given module to use the first password the user typed in
Nicolas> and prompt for no other passwords, even if the first
Nicolas> password was incorrect.
Nicolas> As opposed to try_first_password which tells the given
Nicolas> module to try the first password typed in by the user and
Nicolas> that, if that password is incorrect, then the module is
Nicolas> free to prompt for additional passwords.
So use_first_password is more flexible in that the passwords on the
two different systems could be different, but might cause confusion
if/when two prompts are displayed.
(now that is something that I can't see documented anywhere).
Brian May <firstname.lastname@example.org>