With the help of Narayana Pattipati I finally found a solution for my problem below: My auth block in my pam configuration looks now like: auth sufficient pam_unix.so debug audit auth required pam_winbind.so use_first_pass debug auth required pam_storepw.so auth required pam_nologin.so auth required pam_env.so The only problem here is that the password is even stored if the authentication fails... But in this case the username/password combination is wrong so thats not a real problem. But my new problem is now (I don´t know if it is a real pam problem) that when I try to add a local user to my system, the adduser util tries to set a new password for the user created. Here pam directs him to winbind which then tries to change the password for a non extistent user on my windows server. So this fails with an error and means that I´m also not able to change passwords for local users. Would it be possible to my common-password: password sufficient pam_winbind.so debug password required pam_unix.so use_authtok obscure md5 shadow password required pam_deny.so Would it be possible to combine the possability to change local and remote passwords - maybe depending on parameters ? Thanks for any hints... Michael > I´m playing with some pam modules to set up a linux workstation system integrated in an active directory including the mapping of home and groupdirectories. > > To mount the shares after login I need to save the password temporarily what I do with a pam modules pam_storepw in the "auth" section. > > Almost everything works fine for me except the fact that I can´t combine winbind and unix authentication plus the pam_storepw module. _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
