Re: PAM_Unix, PAM_LDAP
On Sun, Jul 28, 2002 at 12:02:56PM +1000, Brian May wrote:
> On my system, I have set it up to authenticate against PAM_Unix, and
> if that fails, it authenticates against PAM_LDaP.
> The problem is whenever somebody logs in (and this happens a lot when
> using IMP with an IMAP daemon), I get an error from PAM_Unix that the
> authentication failed.
> This error is redundant, as authentication usually has succeeded
> afterwards using PAM_LDAP.
> Is there anyway of preventing these errors filling up my log file, and
> only logging them if PAM authentication really fails?
I do not know if this will work in your situation, but I'm wondering if
using the recommended configuration, which seems to do the reverse --
authenticate via pam_ldap first and then if that fails use pam_unix --
will work for you.
Entries like this in your PAM configuration should accomplish this:
auth sufficient pam_ldap.so
auth required pam_unix.so use_first_pass
account sufficient pam_ldap.so
account required pam_unix.so use_first_pass
session required pam_unix.so
password sufficient pam_ldap.so
password required pam_unix.so use_first_pass nullok md5
If you've already tried this before and it doesn't work, my apologies.
Federico Sevilla III : <http://jijo.free.net.ph/>
Network Administrator : The Leather Collection, Inc.
GnuPG Key ID : 0x93B746BE
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com