Re: ldap/pam problem
> > If so, then when I tried those modifications, I couldn't figure out
> > how to get reasonable behavior. If you have
> >
> > auth sufficient pam_ldap.so
> > auth required pam_unix_auth.so try_first_pass
> >
> > then if the entry is found in ldap, pam returns and you never execute
> > things like motd, etc. which is not what you want.
>
> I used this complex invokation, you'll need an appropriately bug-fixed pam
> library (Ben, you have my patches..)
>
> auth requisite pam_securetty.so
> auth [success=1 default=ignore] pam_unix_auth.so
> auth required pam_ldap.so use_first_pass
> auth optional pam_group.so
> auth optional pam_mail.so
Another solution (that I did) is to just place those optional modules
BEFORE pam_ldap.so. Seems to work fine for me. Anyone sees a reason not to
do so ?
I agree, however, that the complex method got to be fixed - it is too cool
not to use it.
Sergey.
Reply to: