Re: ldap/pam problem

To: debian-user@lists.debian.org
Subject: Re: ldap/pam problem
From: Sergey V Kovalyov <sqk0316@SCIRES.ACF.NYU.EDU>
Date: Thu, 17 Jun 1999 00:02:07 -0400
Message-id: <[🔎] Pine.SGI.4.10.9906162358100.189061-100000@neumann.acf.nyu.edu>
In-reply-to: <[🔎] Pine.LNX.3.96.990616175143.12298C-100000@Wakko.deltatee.com>

> > If so, then when I tried those modifications, I couldn't figure out
> > how to get reasonable behavior.  If you have 
> > 
> >   auth       sufficient pam_ldap.so
> >   auth       required   pam_unix_auth.so try_first_pass
> > 
> > then if the entry is found in ldap, pam returns and you never execute
> > things like motd, etc. which is not what you want.
> 
> I used this complex invokation, you'll need an appropriately bug-fixed pam
> library (Ben, you have my patches..)
> 
> auth       requisite  pam_securetty.so
> auth       [success=1 default=ignore] pam_unix_auth.so
> auth       required   pam_ldap.so use_first_pass
> auth       optional   pam_group.so
> auth       optional   pam_mail.so

Another solution (that I did) is to just place those optional modules
BEFORE pam_ldap.so. Seems to work fine for me. Anyone sees a reason not to
do so ?
I agree, however, that the complex method got to be fixed - it is too cool
not to use it.

Sergey.

Reply to:

References:
- Re: ldap/pam problem
  - From: Jason Gunthorpe <jgg@ualberta.ca>

Prev by Date: deselect help.
Next by Date: Re: ldap/pam problem
Previous by thread: Re: ldap/pam problem
Next by thread: Re: ldap/pam problem
Index(es):
- Date
- Thread