On 06/02/2010, at 2:50 AM, Sean Carolan wrote: >> The problem is probably in pam. Lot s of internet docs have incorrect >> info advice and say. >> account required pam_nologin.so >> account sufficient pam_ldap.so >> >> When you do that you get the situation you have now. In some phases of >> login sufficient becomes required. >> >> Try this: > > Before I go changing system-auth by hand I would like to see if there > is some way to get it working with the authconfig tool. This makes it > easier for me to maintain consistency and configure multiple systems. > Here is what is in my system-auth file now, and this was generated > with the following command. Is the authconfig tool actually > generating a "bad" configuration file? If so should this be > considered a bug? > > #%PAM-1.0 > <snip> Sean, Your system-auth pam config looks correct to me, and as you said, authconfig shouldn't be generating 'bad' configs unless it contains a bug. Edward was suggesting a problem with the 'login' pam service, not system-auth, but I don't agree with his solution - I can't see how adding an explicit include of pam_ldap.so here for the account type is going to help, as by default this just defers to system-auth anyway. Edward, are you able to offer any more insight into how this can help? Regards, Tom -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
