> account required pam_unix.so
> account [default=die success=ok authinfo_unavail=ignore user_unknown=ignore] pam_ldap.so
>
>This means that pam_ldap can happily return PAM_USER_UNKNOWN, and PAM
>can then ignore this return value. This works, but doesn't satisfy
>the policy I've outlined above.

You can also use the ignore_unknown_user option to pam_ldap, for versions
of PAM that do not support this extended configuration syntax.

-- luke

--
Luke Howard | lukehoward.com
PADL Software | www.padl.com
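
Added example, not part of the original message and not PADL's or Linux-PAM's code: a simplified model of how Linux-PAM evaluates the account stack quoted above, next to a plain "required" stack where pam_ldap's ignore_unknown_user option has the same effect for a user missing from the directory. The names run_stack, pam_ldap_account, EXTENDED and PLAIN are hypothetical, and the module return codes fed in are constructed.

```python
# Simplified model of how Linux-PAM evaluates one stack (jump counts and
# "reset" are left out). Module return codes are constructed inputs.
REQUIRED = "[success=ok new_authtok_reqd=ok ignore=ignore default=bad]"

EXTENDED = [("required", "pam_unix.so"),
            ("[default=die success=ok authinfo_unavail=ignore "
             "user_unknown=ignore]", "pam_ldap.so")]
PLAIN = [("required", "pam_unix.so"), ("required", "pam_ldap.so")]


def parse_control(control):
    """Map each PAM return code named in the control field to its action."""
    if control == "required":
        control = REQUIRED
    return dict(pair.split("=") for pair in control.strip("[]").split())


def pam_ldap_account(in_directory, ignore_unknown_user=False):
    """Constructed stand-in for pam_ldap's account result for one user."""
    if in_directory:
        return "success"
    # With the option set, the module reports PAM_IGNORE for unknown users.
    return "ignore" if ignore_unknown_user else "user_unknown"


def run_stack(stack, results):
    """Return the stack's final code; results maps module -> return code."""
    status, failed = None, False
    for control, module in stack:
        actions = parse_control(control)
        rc = results[module]
        action = actions.get(rc, actions["default"])
        if action == "ignore":
            continue                      # result does not count at all
        if not failed:
            status = rc                   # first failure wins afterwards
            failed = action in ("bad", "die")
        if action == "die" or (action == "done" and not failed):
            break                         # stop walking the stack
    # Linux-PAM denies access when no module contributed a result.
    return status or "perm_denied"
```

In the extended stack, authinfo_unavail=ignore also means that an unreachable directory leaves pam_unix alone to decide the account check, which is worth weighing against the site's policy.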