Re: LDAP authentication with PAM

>>>>> "Brian" == Brian May <bam@debian.org> writes:

    Brian> 1. So if pam_ldap ever fails it will drop back to pam_unix.

2nd thoughts: putting pam_unix last was probably a bad idea. It means
that if the user's LDAP account has expired (for instance), they see a
confusing error "no account information available" from pam_unix,
instead of the sane "account has expired" error from pam_ldap.

Brian May <bam@debian.org>

