On our laptops we have local users defined in /etc/shadow for offline use. We also authenticate against an LDAP server. Interestingly, when on the network a user can log in with either the local or LDAP password. I would have expected only the local password to work. I believe this was the case when we used NIS instead of LDAP.

system-auth:

    auth required pam_env.so
    auth sufficient pam_unix.so nullok try_first_pass
    auth requisite pam_succeed_if.so uid >= 500 quiet
    auth sufficient pam_ldap.so use_first_pass
    auth required pam_deny.so

/etc/nsswitch.conf:

    shadow: files ldap

- Orion

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
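The control flags in the stack above can be traced with a small model. This is an added example, not part of the original post and not Linux-PAM code: it follows the documented required/requisite/sufficient semantics, and the module results, the sample user and both passwords are constructed. It assumes pam_unix checks only the local /etc/shadow hash and ignores the `shadow: files ldap` lookup.

```python
# Simplified model of the Linux-PAM control flags used in the posted stack.
# Module results are simulated; no real PAM or LDAP calls are made.

STACK = [  # the auth stack from the post: (control, module)
    ("required",   "pam_env"),
    ("sufficient", "pam_unix"),
    ("requisite",  "pam_succeed_if"),
    ("sufficient", "pam_ldap"),
    ("required",   "pam_deny"),
]

# Constructed sample account with different local and LDAP passwords.
USER = {"uid": 1000, "local_pw": "local-secret", "ldap_pw": "ldap-secret"}

def module_ok(module, user, password, online):
    """Simulated result of one module for one login attempt."""
    if module == "pam_env":
        return True
    if module == "pam_unix":          # assumption: local shadow hash only
        return password == user["local_pw"]
    if module == "pam_succeed_if":    # uid >= 500
        return user["uid"] >= 500
    if module == "pam_ldap":          # needs a reachable LDAP server
        return online and password == user["ldap_pw"]
    return False                      # pam_deny always fails

def authenticate(user, password, online):
    """Walk the stack; return (granted, module that decided the outcome)."""
    required_failed = None
    for control, module in STACK:
        ok = module_ok(module, user, password, online)
        if control == "sufficient":
            if ok and required_failed is None:
                return True, module   # success ends the stack immediately
            continue                  # a sufficient failure is ignored
        if not ok:
            if control == "requisite":
                return False, required_failed or module  # fail at once
            required_failed = required_failed or module  # required: go on
    return required_failed is None, required_failed or "end of stack"

if __name__ == "__main__":
    for pw in ("local-secret", "ldap-secret"):
        for online in (True, False):
            print(pw, "online" if online else "offline",
                  authenticate(USER, pw, online))
```

In this model the LDAP password is accepted on the network because the pam_unix failure is discarded and pam_ldap, also marked sufficient, then succeeds; offline, only pam_unix can succeed before pam_deny is reached.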