I'm not sure how PAM works (eg, if it can't find a specific instance in pam.d for a given program, fall through and use system-auth), but if it does work as parenthetically indicated, then the original problem is that RedHat does ship /etc/pam.d/sshd. If that theory holds, removing /etc/pam.d/sshd should make system-auth consulted. I've just verified that this is not what occurs: if /etc/pam.d/sshd does not exist - ya don't get in (eg, system-auth isn't consulted). In short - yes, for every program you want to run that authenticates against LDAP, the appropriate pam file must be modified. -- Chris Faehl Hosting Manager, RightNow Technologies -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Rigler, Steve Sent: Wednesday, July 07, 2004 5:59 AM To: General Red Hat Linux discussion list Subject: RE: Cant authenticate to LDAP domain with Redhat9 That might work fine for now, but what about authentication from a virtual console, gdm, xscreensaver, etc? And what if, later on, you decide to add kerberos to the mix? Hopefully you wouldn't want to go around messing with every file in pam.d whenever there's a change (that's what system-auth is there for). -Steve -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Faehl, Chris Sent: Tuesday, July 06, 2004 5:06 PM To: redhat-list@xxxxxxxxxx Subject: Re: Cant authenticate to LDAP domain with Redhat9 The problem's /etc/pam.d/sshd. cp /etc/pam.d/sshd /etc/pam.d/sshd.040706 && cp /etc/pam.d/system-auth /etc/pam.d/sshd Problem should then be fixed (I burned several days on this - RedHat's docs could use some revision). -- Chris Faehl Hosting Manager, RightNow Technologies -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
