On Wed, 2008-12-03 at 12:57 -0500, Nalin Dahyabhai wrote: > On Tue, Dec 02, 2008 at 11:22:44PM -0500, John A. Sullivan III wrote: > > Seem to have it now. The Ubuntu host did not like the settings copied > > in from Fedora. However, simply reversing the default Ubuntu settings > > so that they are now: > > > > account required pam_unix.so > > account sufficient pam_ldap.so > > Please be careful about this. If this is the entire set of "account" > modules, then I think the end-result when pam_ldap.so fails might be > undefined (in particular, the user may be allowed access anyway, even if > pam_ldap.so indicates that the user should not have access, because no > "required" modules have indicated problems). > <snip> Thanks very much. I'm trusting the Ubuntu folks know what they're doing. This is part of an included pam file. However, I should double-check. Should pam_deny.so be at the end of the chain? - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsullivan at opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society
