Here's mine:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so

account required /lib/security/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so

password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so

session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so

Hope that'll help! Works fine for me :)

Lionel LENOBLE.

> Hello,
>
> When I try to log in as root, the PAM stack uses LDAP to check the
> password.
> How can I prevent this? I'd like to have a set of local users, so that
> PAM looks up in LDAP only if the user doesn't exist on the system.
> I've put everywhere pam_unix.so as 'sufficient' and before pam_ldap.so,
> but to no avail :(
>
> Here is my /etc/pam.d/system-auth :
>
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth required /lib/security/$ISA/pam_mount.so
> auth required /lib/security/$ISA/pam_env.so
> auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok use_first_pass
> auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
> auth required /lib/security/$ISA/pam_deny.so
>
> account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
> account sufficient /lib/security/$ISA/pam_unix.so
> account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
>
> password requisite /lib/security/$ISA/pam_cracklib.so retry=3
> password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
> password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
> password required /lib/security/$ISA/pam_deny.so
>
> session required /lib/security/$ISA/pam_limits.so
> session required /lib/security/$ISA/pam_mount.so
> session sufficient /lib/security/$ISA/pam_unix.so
> session sufficient /lib/security/$ISA/pam_ldap.so
>
>
> Thanks a lot,
>
> --
> Damiano ALBANI
>
> _______________________________________________
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list
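An added example, not part of either message: a simplified Python model of how the control flags in the reply's auth stack decide whether pam_ldap.so is ever consulted. The per-module results are constructed, and the pam_succeed_if gate line with its uid >= 500 threshold is an assumption introduced here, not something proposed in the thread.

```python
# Simplified model of libpam's walk over an auth stack (added illustration).
# Models required/requisite/sufficient; optional is ignored; no [value=action].

# auth lines from the reply in this thread, module paths shortened.
STACK_FROM_REPLY = """\
auth required   pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so use_first_pass
auth required   pam_deny.so
"""

# Assumed variant, not from the thread: refuse low-uid accounts before pam_ldap.
GATE = "auth requisite  pam_succeed_if.so uid >= 500 quiet\n"
STACK_WITH_GATE = STACK_FROM_REPLY.replace(
    "auth sufficient pam_ldap.so", GATE + "auth sufficient pam_ldap.so")


def run_auth_stack(stack, results):
    """Return (granted, consulted) given constructed per-module results.

    results maps module name to True (PAM_SUCCESS) or False (any error).
    """
    consulted, required_ok, required_failed = [], False, False
    for line in stack.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != "auth":
            continue
        control, module = fields[1], fields[2]
        consulted.append(module)
        ok = results[module]
        if control == "sufficient":
            if ok and not required_failed:
                return True, consulted   # stack ends, later modules never run
            continue                     # a failed sufficient module is ignored
        if control == "requisite" and not ok:
            return False, consulted      # hard stop, nothing below is consulted
        if control in ("required", "requisite"):
            required_ok = required_ok or ok
            required_failed = required_failed or not ok
    return required_ok and not required_failed, consulted


if __name__ == "__main__":
    # Constructed outcome: root types a password that does not match /etc/shadow.
    root_bad = {"pam_env.so": True, "pam_unix.so": False,
                "pam_succeed_if.so": False, "pam_ldap.so": False,
                "pam_deny.so": False}
    print(run_auth_stack(STACK_FROM_REPLY, root_bad))   # pam_ldap.so is consulted
    print(run_auth_stack(STACK_WITH_GATE, root_bad))    # stops at pam_succeed_if.so
```

In this model a local account only bypasses pam_ldap.so when pam_unix.so succeeds; any pam_unix.so failure falls through to the next module unless something requisite stops the walk first.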