On Thu, May 22, 2003 at 06:46:31PM +0200, Frank Bonnet wrote: > Hi > > I've installed 5.1 beta2 but I'm still in trouble > with pam_ldap / nss_ldap > > the scenario is the following > > if in any file of the pam.d directory I replace > the original line : > > auth required pam_unix.so no_warn try_first_pass nullok > > by the following > > auth sufficient /usr/local/lib/pam_ldap.so Don't replace the line, add it before pam_unix.so. Having the last auth line be sufficient causes weird behavior. If you feel like you need to *replace* pam_unix (which is a *really* bad idea), make it required, not sufficient. I would recommend something like this: ... auth sufficient /usr/local/lib/pam_ldap.so auth required pam_unix.so no_warn try_first_pass nullok > Do I missunderstand pam concepts or is it a real bug ? I think you might be missing a concept or two. In any event this is not really a bug. -gordon
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:09 UTC