On Fri, Oct 06, 2000 at 12:58:53PM -0500, Kelli Wolfe wrote:
> Red Hat 7.0 changed to a "stack" system for the /etc/pam.d
> files. These all point to system-auth, which only has pam_unix
> and pam_ldap in it. I did look at the files you suggested and
> they have pam_ldap and pam_unix for auth and then pam_ldap and
> pam_pwdb for password.
>
> I'm curious why going to pam_pwdb would be a bad thing? Either
> one works for LDAP authentication, it's just that the pam_pwdb
> doesn't get a password for an LDAP account, whereas pam_unix does.

This is one of the bigger problems, actually. The account module in
pam_pwdb will return error codes if the user information is in a
database pwdb can't get to or doesn't know about, which rendered it
borderline-useless in the environment we had when I was in school.
We were very happy when the current incarnation of pam_unix was
released.

Does setting pam_unix and pam_ldap both to "required" and eliminating
the call to pam_deny below them, all in the "account" section of the
configuration file, solve the problem? From a short peek at the
sources, it looks like it should....

Nalin