Richard Ray wrote:
I have configured pam to authenticate ssh via ldap
No problems with that
How can I configure pam/ssh to use ldap for certain accounts only and
unix password for other accounts
Running CentOS 5.2
Thanks
Richard Ray
that is controlled with your /etc/nsswitch.conf
passwd files ldap
group files ldap
check if user exists in /etc/passwd 1st, then ldap
so if you have a local account joe and an ldap account joe, it should
use local account 1st. if you flip it around passwd ldap files then vs.
to restrict certain ldap groups to logging in you need add "pam_groupdn"
to your ldap.conf file.
All these relate to pam & ldap configurations, I am not a pam expert.
Test your configs, make sure you didn't allow anyone into your system as
root without a passwd. (did that once, glad it was a vm).
HTH,
Jesse Waters
