I am working on getting user authentication with ldap going. I had it working ok, but I could not add a user that could login. Only the users that existed before I got ldap authentication going were able to login. Therefore I have been trying to learn what part of the authentication stack was failing. I have access to machine because I have several tty's loged into root. In an attempt to diagnose which PAM module is having trouble I have tried to change my /etc/pam.d/login to read: [root@Webby pam.d]# cat login #%PAM-1.0 auth required /lib/security/pam_permit.so auth required /lib/security/pam_warn.so #auth required /lib/security/pam_securetty.so #auth required /lib/security/pam_stack.so service=system-auth #auth required /lib/security/pam_nologin.so #account required /lib/security/pam_stack.so service=system-auth #password required /lib/security/pam_stack.so service=system-auth #session required /lib/security/pam_stack.so service=system-auth #session optional /lib/security/pam_console.so my limited understanding from the redhat reference guide is that this should allow me to log in regardless of what the user name is? Is this correct? When I try to login from the console on tty2, I get a very fast flash of: user account has expired I have checked via the graphical redhat-user-configuration program and expiration of my accounts is not enabled. Thanks Alan
