Tomas Mraz wrote:
On Wed, 2005-10-12 at 11:05 +0200, Tomas Mraz wrote:
On Wed, 2005-10-12 at 02:06 +0200, Bernardo Innocenti wrote:
Also, you can login as root with root's password from ldap
even tough there's a valid root entry in /etc/passwd.
That's expected as both pam_ldap and pam_unix are sufficient entries.
If you want to prevent that you can insert pam_succeed_if
I've forgot to finish this. You can insert pam_succeed_if in between
pam_unix and pam_ldap.
auth sufficient pam_unix.so .....
auth required pam_succeed_if.so uid != 0 quiet
auth sufficient pam_ldap.so .....
This way only the local unix password will work for root.
Works fine, thanks!
(please ignore my previous post asking for clarifications).
--
// Bernardo Innocenti - Develer S.r.l., R&D dept.
\X/ http://www.develer.com/
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
