[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


On Sun, Jul 28, 2002 at 12:02:56PM +1000, Brian May wrote:
> On my system, I have set it up to authenticate against PAM_Unix, and
> if that fails, it authenticates against PAM_LDaP.
> The problem is whenever somebody logs in (and this happens a lot when
> using IMP with an IMAP daemon), I get an error from PAM_Unix that the
> authentication failed.
> This error is redundant, as authentication usually has succeeded
> afterwards using PAM_LDAP.
> Is there anyway of preventing these errors filling up my log file, and
> only logging them if PAM authentication really fails?

I do not know if this will work in your situation, but I'm wondering if
using the recommended configuration, which seems to do the reverse --
authenticate via pam_ldap first and then if that fails use pam_unix --
will work for you.

Entries like this in your PAM configuration should accomplish this:

	auth		sufficient	pam_ldap.so
	auth		required	pam_unix.so use_first_pass
	account		sufficient	pam_ldap.so
	account		required	pam_unix.so use_first_pass
	session		required	pam_unix.so
	password	sufficient	pam_ldap.so
	password	required	pam_unix.so use_first_pass nullok md5

If you've already tried this before and it doesn't work, my apologies.

 --> Jijo

Federico Sevilla III   :  <http://jijo.free.net.ph/>
Network Administrator  :  The Leather Collection, Inc.
GnuPG Key ID           :  0x93B746BE

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: