Hello, I followed your discussion with interest but I have a very practical problem. Is there any configuration of pam (sshd) which allows me to have mixed local/ldap users _with_ ldap users restricted to certain hosts using the host attribute in ldap? I am also using nss_ldap. mit freundlichen Grüßen/with best regards Thomas Emde ________________________ ScaleOn GmbH & Co. KG Systems Engineering 1 Geb. B151, Raum 117 D-51368 Leverkusen Telefon +49 214/30-67603 Telefax +49 214/30-24887 E-Mail thomas.emde@scaleon.de Internet http://www.scaleon.de An: pam-list@redhat.com Kopie: Thema: Re: sufficient account management checking for locally defined users Luke Howard <lukeh@PADL.COM> Gesendet von: pam-list-admin@redhat.com Received : 2002-05-10 12:19 Bitte antworten an pam-list > account required pam_unix.so > account [default=die success=ok authinfo_unavail=ignore user_unknown=ignore] pam_ldap.so > >This means that pam_ldap can happily return PAM_USER_UNKNOWN, and PAM >can then ignore this return value. This works, but doesn't satisfy >the policy I've outlined above. You can also use the ignore_unknown_user option to pam_ldap, for versions of PAM that do not support this extended configuration syntax. -- luke -- Luke Howard | lukehoward.com PADL Software | www.padl.com _______________________________________________ Pam-list@redhat.com https://listman.redhat.com/mailman/listinfo/pam-list
