On Wed, 3 Dec 2003, Nathan Yocom wrote: [huge snip] > This tells me that the pam_ldap module is getting called, and is binding > correctly/successfully (as the error when given a bad password does not > occur when using the correct password). So the question is.. why am I > still failing authentication? I have tried moving things around in > /etc/pam.d/system-auth with no luck. Have I missed an attribute that is > necessary in ldap, maybe one of the shadow* attributes? something in the > PAM stack itself? I think the problem is that you added lines to the end of system-auth instead of in the middle. Each module gets tried in order. So, when pam_deny is before pam_ldap, pam_ldap can never succeed. -- CAUTION: Product will be hot after heating _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
