Here is my /etc/pam.d/ldapserver auth sufficient /lib/security/pam_krb5.so use_first_pass forwardable password sufficient /lib/security/pam_krb5.so use_authtok session optional /lib/security/pam_krb5.so account sufficient /lib/security/pam_krb5.so ~ ~ To revisit, here's the observation: pamsecure when set to TRUE authenticates users only to the password in 389-ds, but when set to FALSE will authenticate to the AD password only if the uid exists in /etc/passwd. On 9/22/09 10:36 AM, "Rich Megginson" <rmeggins@xxxxxxxxxx> wrote: > Prashanth Sundaram wrote: >> The account in /etc/passwd.. > Seems like a pam problem and/or misconfiguration then - if it finds the > entry using pam_krb5, it should never look at /etc/passwd. >> >> ------------------------------------------------------------------------ >> Prashanth Sundaram wrote: >> >> >> Yes, it works when there is a matching local user account. >> >> do you mean an account in /etc/passwd? or an account in LDAP? >> >> ------------------------------------------------------------------------ >> >> -- >> 389 users mailing list >> 389-users redhat com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> > -- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
