Date: Thu, 22 May 2003 14:49:41 -0700
From: Gordon Tetlow <gordont@gnf.org>
To: Frank Bonnet <bonnetf@bart.esiee.fr>
Cc: freebsd-current@freebsd.org
Subject: Re: 5.1 beta2 still in trouble with pam_ldap
Message-ID: <20030522214941.GI87863@roark.gnf.org>
In-Reply-To: <20030522184631.A23366@bart.esiee.fr>
References: <20030522184631.A23366@bart.esiee.fr>

On Thu, May 22, 2003 at 06:46:31PM +0200, Frank Bonnet wrote:
> Hi
>
> I've installed 5.1 beta2 but I'm still in trouble
> with pam_ldap / nss_ldap
>
> the scenario is the following
>
> if in any file of the pam.d directory I replace
> the original line :
>
> auth    required    pam_unix.so    no_warn try_first_pass nullok
>
> by the following
>
> auth    sufficient    /usr/local/lib/pam_ldap.so

Don't replace the line, add it before pam_unix.so. Having the last auth
line be sufficient causes weird behavior. If you feel like you need to
*replace* pam_unix (which is a *really* bad idea), make it required, not
sufficient. I would recommend something like this:

...
auth    sufficient    /usr/local/lib/pam_ldap.so
auth    required      pam_unix.so    no_warn try_first_pass nullok

> Do I misunderstand pam concepts or is it a real bug ?

I think you might be missing a concept or two. In any event this is not
really a bug.

-gordon
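
The difference between the two stack layouts discussed in this message, as an added example that is not part of the original e-mail: a simplified Python model of how the `sufficient`, `required` and `requisite` control flags combine. The `undecided` verdict is an assumption of this model for a chain in which no module gave a binding result; what a particular PAM library returns in that case is not modelled here.

```python
# Simplified model of PAM control flags (constructed example, not PAM library code).
REPLACED = "auth sufficient /usr/local/lib/pam_ldap.so"
RECOMMENDED = """
auth sufficient /usr/local/lib/pam_ldap.so
auth required   pam_unix.so no_warn try_first_pass nullok
"""

def parse_chain(text, facility="auth"):
    """Return [(control, module_name)] for one facility from pam.d-style lines."""
    chain = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            chain.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return chain

def ends_with_sufficient(chain):
    """Lint check: the layout the reply warns about."""
    return bool(chain) and chain[-1][0] == "sufficient"

def evaluate(chain, results):
    """results maps module name -> True (success) or False (failure).
    Returns 'allow', 'deny' or 'undecided' (no binding verdict; model assumption)."""
    failed = decided = False
    for control, module in chain:
        ok = results[module]
        if control == "sufficient":
            if ok and not failed:
                return "allow"      # success ends the chain immediately
            # a failing sufficient module is ignored
        elif control in ("required", "requisite"):
            decided = True
            if not ok:
                failed = True
                if control == "requisite":
                    break           # requisite failure stops the chain
        # 'optional' modules do not affect the verdict in this model
    if failed:
        return "deny"
    return "allow" if decided else "undecided"

if __name__ == "__main__":
    # Constructed case: an account that is not in LDAP but has a valid local password.
    local_user = {"pam_ldap.so": False, "pam_unix.so": True}
    for name, text in (("replaced", REPLACED), ("recommended", RECOMMENDED)):
        chain = parse_chain(text)
        print(name, ends_with_sufficient(chain), evaluate(chain, local_user))
```

With only the `sufficient` LDAP line, a local account never reaches a module that can give a binding answer; with `pam_unix.so` kept as `required` after it, the chain always ends in a definite allow or deny.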