[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pam-pwdb + NIS + ssh

On Fri, Apr 23, 1999 at 07:49:17PM -0400, Ben Collins wrote:
> On Fri, Apr 23, 1999 at 04:42:45PM -0700, Max wrote:
> > I noticed that the latest version of ssh in potato introduced PAM
> > support and totally screwed up ssh for me.  It created an
> > /etc/pam.d/ssh file with the following contents:
> >
> > #%PAM-1.0
> > auth       required     pam_pwdb.so shadow
> > auth       required     pam_nologin.so
> > account    required     pam_pwdb.so
> > password   required     pam_cracklib.so
> > password   required     pam_pwdb.so shadow nullok use_authtok
> > session    required     pam_pwdb.so

Better yet, change this to:
auth       required     pam_unix_auth.so
auth       required     pam_nologin.so
account    required     pam_unix_acct.so
password   required     pam_cracklib.so
password   required     pam_unix_passwd.so use_authtok
session    required     pam_unix_session.so

This will (should) bypass pwdb alltogether and resort to the
/etc/nsswitch.conf for NS sources.



--
-----    -- - -------- --------- ----  -------  -----  - - ---   --------
Ben Collins <bcollins@debian.org>                        Debian GNU/Linux
OpenLDAP Dev - bcollins@openldap.org     The Choice of the GNU Generation
------ -- ----- - - -------   ------- -- ---- - -------- - --- ---- -  --
Reply to: