Re: pam_ldap works, but login fails
From: Nathan Yocom (nate yocom.org)
Date: Wed Dec 03 2003 - 20:19:51 CST
Marshal Newrock wrote:
>I think the problem is that you added lines to the end of system-auth
>instead of in the middle. Each module gets tried in order. So, when
>pam_deny is before pam_ldap, pam_ldap can never succeed.
>
>
Exactly right. Thank you SO much. I knew it was something simple like
that but was misunderstanding the usage of pam_deny.so.
For anyone searching against this list, etc., the resulting system-auth
file is:
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok nodelay
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_unix.so
account sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session optional /lib/security/pam_unix.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0
session optional /lib/security/pam_ldap.so
Thanks again!
Nate
_______________________________________________
Pam-list mailing list
Pam-list redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
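
The ordering effect discussed in this thread, as an added example that is not part of the original message or of Linux-PAM itself: a simplified model of the required/requisite/sufficient control flags, run over the posted auth stack and over a constructed "before" stack with pam_ldap appended after pam_deny. The names `evaluate`, `outcomes`, `FIXED_AUTH` and `BROKEN_AUTH` are hypothetical, and the per-module results are supplied by the caller rather than by real modules.

```python
# Simplified model of Linux-PAM control flags; not the real libpam dispatcher.
import os

# The auth lines from the working system-auth posted above.
FIXED_AUTH = """\
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok nodelay
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
"""

# Constructed "before" stack: pam_ldap added at the end, after pam_deny.
BROKEN_AUTH = """\
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok nodelay
auth required /lib/security/pam_deny.so
auth sufficient /lib/security/pam_ldap.so use_first_pass
"""

def evaluate(stack_text, mgmt_type, outcomes):
    """Return (granted, modules_run). outcomes maps module file name to a
    bool; pam_deny.so always fails and unlisted modules succeed."""
    required_failed = False
    any_success = False
    ran = []
    for line in stack_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != mgmt_type:
            continue
        control = fields[1]
        name = os.path.basename(fields[2])
        ok = False if name == "pam_deny.so" else outcomes.get(name, True)
        ran.append(name)
        if control == "requisite" and not ok:
            return False, ran            # hard failure, stop immediately
        if control == "required" and not ok:
            required_failed = True       # remembered, stack keeps running
        elif control == "sufficient" and ok and not required_failed:
            return True, ran             # success short-circuits the stack
        elif control in ("required", "requisite") and ok:
            any_success = True
    return (any_success and not required_failed), ran

if __name__ == "__main__":
    ldap_only = {"pam_unix.so": False, "pam_ldap.so": True}  # constructed case
    for label, stack in (("broken", BROKEN_AUTH), ("fixed", FIXED_AUTH)):
        print(label, evaluate(stack, "auth", ldap_only))
```

In the fixed order pam_deny.so is only reached when both pam_unix.so and pam_ldap.so have failed, which is what makes it a safe default-deny terminator.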