5.1 beta2 still in trouble with pam_ldap
Gordon Tetlow
gordont at gnf.org
Thu May 22 14:49:46 PDT 2003
On Thu, May 22, 2003 at 06:46:31PM +0200, Frank Bonnet wrote:
> Hi
>
> I've installed 5.1 beta2 but I'm still in trouble
> with pam_ldap / nss_ldap
>
> the scenario is the following
>
> if in any file of the pam.d directory I replace
> the original line :
>
> auth required pam_unix.so no_warn try_first_pass nullok
>
> by the following
>
> auth sufficient /usr/local/lib/pam_ldap.so

Don't replace the line, add it before pam_unix.so. Having the last auth
line be sufficient causes weird behavior. If you feel like you need to
*replace* pam_unix (which is a *really* bad idea), make it required, not
sufficient. I would recommend something like this:

...
auth sufficient /usr/local/lib/pam_ldap.so
auth required pam_unix.so no_warn try_first_pass nullok

> Do I misunderstand pam concepts or is it a real bug ?

I think you might be missing a concept or two. In any event this is not
really a bug.

-gordon
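
The difference between the two configurations discussed above, as an added example that is not part of the original message or of any PAM implementation. It is a simplified model of the "required" and "sufficient" control flags only; the function names, the module outcomes and the "undetermined" label are assumptions of this sketch.

```python
# Added example: simplified model of a PAM "auth" chain. Only the two control
# flags used in the thread ("required", "sufficient") are modelled.

REPLACED = "auth sufficient /usr/local/lib/pam_ldap.so\n"
RECOMMENDED = (
    "auth sufficient /usr/local/lib/pam_ldap.so\n"
    "auth required pam_unix.so no_warn try_first_pass nullok\n"
)

def parse_auth(conf):
    """Return [(control, module_file)] for the auth lines of a pam.d file."""
    stack = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, outcome):
    """outcome maps module file -> True (module succeeds) or False (fails)."""
    required_ok = required_failed = False
    for control, module in stack:
        ok = outcome[module]
        if control == "sufficient":
            if ok and not required_failed:
                return "success"          # chain stops, later lines never run
        elif control == "required":
            required_ok |= ok
            required_failed |= not ok     # chain continues, result is failure
        else:
            raise ValueError("control flag not modelled: " + control)
    if required_failed:
        return "failure"
    # "undetermined" is this model's label, not a PAM return code: no module
    # gave a binding verdict, so the chain itself does not decide the result.
    return "success" if required_ok else "undetermined"

def lint(stack):
    """Warn when the chain ends in 'sufficient' (the case warned about above)."""
    if stack and stack[-1][0] == "sufficient":
        return ["last auth line is 'sufficient': add a 'required' module after it"]
    return []

if __name__ == "__main__":
    for name, conf in (("replaced", REPLACED), ("recommended", RECOMMENDED)):
        stack = parse_auth(conf)
        for ldap_ok in (True, False):
            # Constructed scenario: local pam_unix check fails (LDAP-only user).
            result = evaluate(stack, {"pam_ldap.so": ldap_ok, "pam_unix.so": False})
            print(name, "ldap_ok=%s" % ldap_ok, "->", result, lint(stack))
```

With the recommended ordering every combination of module outcomes ends in a definite success or failure; with the lone sufficient line, a failed LDAP bind leaves the chain without a binding verdict.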