This is probably an easy question, but I'm having troubles getting the answer in my searches. In my current imap pam config file I have this: #%PAM-1.0 account sufficient pam_winbind.so account sufficient pam_ldap.so auth sufficient pam_winbind.so try_first_pass auth sufficient pam_ldap.so try_first_pass debug auth required pam_deny.so This works for AD users and users stored in an Oracle LDAP database. However what we are finding is that if I have an account on one system and I can authenticate on the other, then I'm in. The way I'd like it to work, using shell script analogy is: account sufficient pam_ldap.so && auth sufficient pam_ldap.so try_first_pass debug and likewise for winbind. Is there a path to doing this in pam? --Donald _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
