From owner-freebsd-questions@FreeBSD.ORG  Wed Oct  5 17:19:48 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: questions@freebsd.org
Delivered-To: freebsd-questions@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 131DB16A420
	for <questions@freebsd.org>; Wed,  5 Oct 2005 17:19:48 +0000 (GMT)
	(envelope-from Mike@the-rubber-chicken-network.co.uk)
Received: from geofront.co.uk (port-179.dolphin.c4l.co.uk [80.253.114.179])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6901E43D45
	for <questions@freebsd.org>; Wed,  5 Oct 2005 17:19:44 +0000 (GMT)
	(envelope-from Mike@the-rubber-chicken-network.co.uk)
Received: from [192.168.0.205] (octet22.arishi.com [81.27.69.22] (may be
	forged))
	by geofront.co.uk (8.12.9/8.12.6) with ESMTP id j95HUpi0013384
	for <questions@freebsd.org>; Wed, 5 Oct 2005 18:30:52 +0100 (BST)
	(envelope-from Mike@the-rubber-chicken-network.co.uk)
Message-ID: <43440B29.4080203@the-rubber-chicken-network.co.uk>
Date: Wed, 05 Oct 2005 18:19:37 +0100
From: Mike Woods <Mike@the-rubber-chicken-network.co.uk>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US;
	rv:1.7.6) Gecko/20050617 Thunderbird/1.0.2 Mnenhy/0.7.2.0
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: FreeBSD Questions Mailinglist <questions@freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new
Cc: 
Subject: Pam and multiple requiste satements!
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Oct 2005 17:19:48 -0000

Im trying to configure pam to auth *twice* with pam_ldap (since pam_ldap 
seems incapable of using multiple filters), anyway i have the pam conf 
file listed below but even if I set either of the queried attributes to 
false (basicly using 2 queries for access control) it seems that as long 
as one of them authenticates properly then it goes through as ok, I had 
looked at using pam_if with pam_deny as another way of doing this but 
pam_if seems to have gone away long ago.

So, the question, is there any I can force pam to authticate against 
both of these and fail if either does ?

---------------------
Mike Woods
Systems Administrator