Hi, After some experimentaion, I came up with another pam configuration for desk top login. This would override the settings "other", as the application has been marked specifically as "dtlogin". Seems what you have to do is experiment with the configuration to get something workable. My system is basic ldap and no kerberos at this stage. ------------------------------------------------------------------------ ------------------------- dtlogin auth sufficient pam_unix.so.1 dtlogin auth required pam_ldap.so.1 try_first_pass dtlogin account sufficient pam_unix.so.1 dtlogin account requisite pam_roles.so.1 dtlogin account required pam_projects.so.1 dtlogin account sufficient pam_unix_account.so.1 dtlogin account required pam_ldap.so.1 try_first_pass dtlogin session sufficient pam_unix_session.so.1 dtlogin session required pam_ldap.so.1 try_first_pass ------------------------------------------------------------------------ ------------------------- cheers -----Original Message----- From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Sam Smith Sent: 26 May 2006 10:49 PM To: General discussion list for the Fedora Directory server project. Subject: Re: solaris, dtlogin, and FDS Susan wrote: >I have this and my dtlogin works fine: > > ># Default definitions for Authentication management # Used when service >name is not explicitly mentioned for authentication # >other auth requisite pam_authtok_get.so.1 >other auth required pam_dhkeys.so.1 >other auth required pam_unix_cred.so.1 >other auth sufficient pam_unix_auth.so.1 >other auth required pam_ldap.so.1 ># > > > Susan, I'm pretty sure now that authentication is not the problem - it seems to authenticate fine and then die. What other lines for "other" do you have in your pam.conf? Sam -- Fedora-directory-users mailing list Fedora-directory-users at redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------------------------------------------------- This e-mail and any attachments are confidential and may also be legally privileged and/or copyright material of Intec Telecom Systems PLC (or its affiliated companies). If you are not an intended or authorised recipient of this e-mail or have received it in error, please delete it immediately and notify the sender by e-mail. In such a case, reading, reproducing, printing or further dissemination of this e-mail or its contents is strictly prohibited and may be unlawful. Intec Telecom Systems PLC does not represent or warrant that an attachment hereto is free from computer viruses or other defects. The opinions expressed in this e-mail and any attachments may be those of the author and are not necessarily those of Intec Telecom Systems PLC.
