On Wed, 2005-10-12 at 11:05 +0200, Tomas Mraz wrote: > On Wed, 2005-10-12 at 02:06 +0200, Bernardo Innocenti wrote: > > Also, you can login as root with root's password from ldap > > even tough there's a valid root entry in /etc/passwd. > That's expected as both pam_ldap and pam_unix are sufficient entries. > If you want to prevent that you can insert pam_succeed_if I've forgot to finish this. You can insert pam_succeed_if in between pam_unix and pam_ldap. auth sufficient pam_unix.so ..... auth required pam_succeed_if.so uid != 0 quiet auth sufficient pam_ldap.so ..... This way only the local unix password will work for root. -- Tomas Mraz <tmraz@xxxxxxxxxx> -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
