Question about authentication


 



Hi!

I use pam_ldap authentication for the POP and IMAP users of my Linux server. I don't have accounts in /etc/passwd. Users authenticate against LDAP successfully. Then why do I see this in security.log
--
Feb 25 14:03:57 web pop(pam_unix)[3814]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=195.144.197.131
--
?
In /etc/nsswitch.conf I have
--
passwd:         files ldap
shadow:         files ldap
group:          files
--,
and in /etc/pam.d/pop and /etc/pam.d/imap
--
#%PAM-1.0
auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_unix_auth.so try_first_pass
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_unix_acct.so
--
So, why try pam_unix if pam_ldap succeeds?
Isn't it enough to have 'sufficient pam_ldap.so'? (The documentation of pam-modules says that in this case subsequent |required| modules are NOT invoked.)


-- Andrew.



_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
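
The stack walk the question asks about, as an added example that is not part of the original post or of Linux-PAM itself: a simplified Python model of how the `sufficient` and `required` control flags in the posted /etc/pam.d/pop file decide which modules are invoked. The function names and the `outcomes` mapping are assumptions made for illustration, and only these two control flags are modelled.

```python
# Added example: simplified model of how Linux-PAM walks one management group.
# Only the 'sufficient' and 'required' control flags used in the post are modelled.

POP_PAM = """\
#%PAM-1.0
auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_unix_auth.so try_first_pass
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_unix_acct.so
"""

def parse_stack(text, mgmt_type):
    """Return [(control, module_name)] for one management group, in file order."""
    stack = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments such as #%PAM-1.0
        if not line:
            continue
        fields = line.split()
        if len(fields) >= 3 and fields[0] == mgmt_type:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def run_stack(stack, outcomes):
    """Walk the stack. 'outcomes' (constructed input) maps module name to
    True (module succeeds) or False (module fails).
    Returns (overall_success, modules_invoked)."""
    invoked = []
    required_failed = False
    any_success = False
    for control, module in stack:
        invoked.append(module)
        ok = outcomes[module]
        if control == "sufficient":
            if ok and not required_failed:
                return True, invoked       # stack ends here; later modules never run
            # a failing 'sufficient' module is ignored and the walk continues
        elif control == "required":
            if ok:
                any_success = True
            else:
                required_failed = True     # remembered, but the walk continues
        else:
            raise ValueError("control flag not modelled: " + control)
    return (any_success and not required_failed), invoked

if __name__ == "__main__":
    auth = parse_stack(POP_PAM, "auth")
    print(run_stack(auth, {"pam_ldap.so": True, "pam_unix_auth.so": False}))
    print(run_stack(auth, {"pam_ldap.so": False, "pam_unix_auth.so": False}))
```

In this model pam_unix_auth.so is reached only on attempts where pam_ldap.so returns failure, and with no local accounts it then fails as well.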
