From: Gordon Tetlow
To: Frank Bonnet
Cc: freebsd-current@freebsd.org
Date: Thu, 22 May 2003 14:49:41 -0700
Subject: Re: 5.1 beta2 still in trouble with pam_ldap

On Thu, May 22, 2003 at 06:46:31PM +0200, Frank Bonnet wrote:
> Hi
>
> I've installed 5.1 beta2 but I'm still in trouble
> with pam_ldap / nss_ldap
>
> the scenario is the following
>
> if in any file of the pam.d directory I replace
> the original line :
>
> auth required pam_unix.so no_warn try_first_pass nullok
>
> by the following
>
> auth sufficient /usr/local/lib/pam_ldap.so

Don't replace the line, add it before pam_unix.so. Having the last auth
line be sufficient causes weird behavior. If you feel like you need to
*replace* pam_unix (which is a *really* bad idea), make it required, not
sufficient. I would recommend something like this:

...
auth sufficient /usr/local/lib/pam_ldap.so
auth required pam_unix.so no_warn try_first_pass nullok

> Do I misunderstand pam concepts or is it a real bug ?

I think you might be missing a concept or two. In any event this is not
really a bug.

-gordon
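The two auth stacks from this thread, run through a simplified model of the "required" and "sufficient" control flags. This is an added example, not part of the original message and not code from any PAM library. It assumes a failed sufficient module is ignored, and it reports a chain in which no module gave a binding result as "undetermined" rather than guessing what a particular PAM library returns; the login cases are constructed.

```python
from enum import Enum

LDAP = "/usr/local/lib/pam_ldap.so"   # module paths as written in the thread
UNIX = "pam_unix.so"

class Verdict(Enum):
    GRANTED = "granted"
    DENIED = "denied"
    UNDETERMINED = "undetermined"     # no module produced a binding result

def evaluate(chain, results):
    """Walk an auth chain of (control_flag, module) pairs.

    results maps module -> True (module succeeded) or False (module failed).
    Simplified model: only 'required' and 'sufficient' are handled.
    """
    required_ok = required_failed = False
    for flag, module in chain:
        ok = results[module]
        if flag == "sufficient":
            if ok and not required_failed:
                return Verdict.GRANTED    # success ends the chain at once
            # otherwise the module has no effect on the outcome; keep walking
        elif flag == "required":
            if ok:
                required_ok = True
            else:
                required_failed = True    # remembered, but the chain still runs
        else:
            raise ValueError(f"control flag not modelled: {flag}")
    if required_failed:
        return Verdict.DENIED
    return Verdict.GRANTED if required_ok else Verdict.UNDETERMINED

REPLACED = [("sufficient", LDAP)]                          # pam_unix line replaced
RECOMMENDED = [("sufficient", LDAP), ("required", UNIX)]   # pam_ldap line added first

# Constructed login attempts: which module would accept the credentials.
CASES = {
    "LDAP account, correct password": {LDAP: True, UNIX: False},
    "local account, correct password": {LDAP: False, UNIX: True},
    "wrong password": {LDAP: False, UNIX: False},
}

def compare():
    """Return {case: (verdict with REPLACED, verdict with RECOMMENDED)}."""
    return {name: (evaluate(REPLACED, r), evaluate(RECOMMENDED, r))
            for name, r in CASES.items()}

if __name__ == "__main__":
    for name, (replaced, recommended) in compare().items():
        print(f"{name:32} replaced={replaced.value:13} recommended={recommended.value}")
```

With the recommended stack every case ends in a definite grant or denial; with the replaced stack only a successful LDAP login does.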