Re: pam_ldap works, but login fails

Marshal Newrock wrote:

I think the problem is that you added lines to the end of system-auth
instead of in the middle. Each module gets tried in order. So, when
pam_deny is before pam_ldap, pam_ldap can never succeed.


Exactly right. Thank you SO much. I knew it was something simple like that but was misunderstanding the usage of pam_deny.so.

For anyone searching against this list, etc., the resulting system-auth file is:

auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_unix.so likeauth nullok nodelay
auth       sufficient   /lib/security/pam_ldap.so use_first_pass
auth       required     /lib/security/pam_deny.so

account    sufficient   /lib/security/pam_unix.so
account    sufficient   /lib/security/pam_ldap.so

password   required     /lib/security/pam_cracklib.so retry=3
password   sufficient   /lib/security/pam_unix.so nullok md5 shadow use_authtok
password   sufficient   /lib/security/pam_ldap.so use_authtok
password   required     /lib/security/pam_deny.so

session    required     /lib/security/pam_limits.so
session    optional     /lib/security/pam_unix.so
session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0
session    optional     /lib/security/pam_ldap.so


Thanks again!
Nate



_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
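
The ordering effect discussed in this message, as an added example that is not part of the original post: a simplified Python model of how a PAM stack is evaluated, run over the auth lines above and over a constructed variant with pam_ldap placed after pam_deny. The function names, the BROKEN text and the module outcomes are assumptions made for illustration; only required, requisite and sufficient are modelled.

```python
# Simplified model of Linux-PAM stack evaluation (added example; no real PAM
# modules are called, each module's result is supplied by the caller).

FIXED = """\
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_unix.so likeauth nullok nodelay
auth       sufficient   /lib/security/pam_ldap.so use_first_pass
auth       required     /lib/security/pam_deny.so
"""

# Constructed: the same lines with pam_ldap appended after pam_deny,
# the ordering described in the quoted reply.
BROKEN = """\
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_unix.so likeauth nullok nodelay
auth       required     /lib/security/pam_deny.so
auth       sufficient   /lib/security/pam_ldap.so use_first_pass
"""

def parse_stack(text, mgmt_type="auth"):
    """Return [(control, module)] for one management type, in file order."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mgmt_type:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, results):
    """results maps module name -> True (success) or False (failure)."""
    required_failed = False
    succeeded = False
    for control, module in stack:
        ok = results[module]
        if control == "sufficient":
            if ok and not required_failed:
                return True   # stack ends here; later modules never run
            continue          # failed (or too late) "sufficient" is ignored
        if control == "requisite" and not ok:
            return False      # fail immediately
        if control in ("required", "requisite"):
            if ok:
                succeeded = True
            else:
                required_failed = True
    return succeeded and not required_failed

# Constructed outcome: an account that exists only in LDAP, correct password.
LDAP_USER = {"pam_env.so": True, "pam_unix.so": False, "pam_ldap.so": True, "pam_deny.so": False}
```

With LDAP_USER, evaluate(parse_stack(BROKEN), LDAP_USER) is False and evaluate(parse_stack(FIXED), LDAP_USER) is True. In the same model, dropping the final pam_deny line lets the stack succeed even when both password modules fail, because the required pam_env still succeeds, which is why pam_deny stays last.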
