Hi, Wayne Gowcher wrote: > [..] > I have stacked the modules as follows : > > auth sufficient /lib/security/pam_ldap.so > use_first_pass > auth sufficient /lib/security/pam_unix.so > use_first_pass > auth sufficient /lib/security/pam_deny.so > [..] > But I am wondering is there anyway I can get pam "to > flush" the password so that once authentication has > traversed my authentication stack, the next login > prompt will prompt the user for a password. For > example by adding a module at the end of my > authentication stack ? The solution is easy: use_first_pass should only be set on the second line. Because pam_ldap has no earlier password to use. So if you write auth sufficient pam_ldap.so pam_ldap does not try to get a password provided earlier. Hope it helps, CU Werner -- McGowan's Madison Avenue Axiom: If an item is advertised as "under $50", you can bet it's not $19.95. _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
