I have been testing things, and pam's pam-ccreds module seems to be what we're looking for, but I can't get it working. This ccreds example file won't work on my ubuntu; #-------------------------------------------------------------------------------------- other auth [user_unknown=ignore default=done] \ /lib/security/pam_unix.so other auth [authinfo_unavail=ignore success=1 default=2] \ /lib/security/pam_ldap.so try_first_pass other auth [default=done] /lib/security/pam_ccreds.so action=validate use_first_pass other auth [default=done] /lib/security/pam_ccreds.so action=store other auth [default=done] /lib/security/pam_ccreds.so action=update other account [user_unknown=ignore default=done] /lib/security/pam_unix.so other account [authinfo_unavail=ignore default=done] /lib/security/pam_ldap.so other account [default=done] /lib/security/pam_permit.so other session required /lib/security/pam_unix.so other password required /lib/security/pam_ldap.so #-------------------------------------------------------------------------------------- Ubuntu uses /etc/pam.d/common-auth/password/account/session The default format is for example auth required pam_ldap.so Connecting with ldap (fedora directory server) without these (ccreds) changes works fine. Error message I see after trying to "tweak" the example: Jun 15 14:54:53 localhost login[4747]: (pam_unix) check pass; user unknown Jun 15 14:54:53 localhost login[4747]: (pam_unix) authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= Jun 15 14:54:55 localhost login[4747]: FAILED LOGIN (1) on `tty1' FOR `frans', Authentication service cannot retrieve authentication info. Jun 15 14:55:31 localhost login[4747]: (pam_unix) check pass; user unknown Jun 15 14:55:34 localhost login[4747]: FAILED LOGIN (2) on `tty1' FOR `frans', Authentication service cannot retrieve authentication info. Jun 15 14:56:29 localhost login[4756]: Authentication service cannot retrieve authentication info. Anyone? _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
