[svlug] PAM and LDAP

Mark msalists at gmx.net
Sun Feb 22 01:36:46 PST 2004

Previous message: [svlug] Hands-on Linux Demo in Davis, February 28th, 2004
Next message: [svlug] [svlug-announce] recruiting for speaker bureau coordinator
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

A question regarding pam and ldap:

I had a problem with a conflict between LDAP and shadow authentication.
Authentication for root via shadow only worked when the LDAP server was
available - when LDAP was down or the network disconnected, authentication
via shadow would not work either.
I was able to fix this problem by changing one line in
/etc/pam.d/system-auth:

From
account     [default=bad success=ok user_unknown=ignore service_err=ignore
system_err=ignore] /lib/security/$ISA/pam_ldap.so
to
account     [default=ignore success=ok user_unknown=ignore
service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so

This seems to fix the problem, but I am not sure if it will bring some other
problem down the road or inflict security weakness.
Can anybody tell me what this change exactly does (beyond fixing my
problem)?

Thanks,

MARK

Previous message: [svlug] Hands-on Linux Demo in Davis, February 28th, 2004
Next message: [svlug] [svlug-announce] recruiting for speaker bureau coordinator
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the svlug mailing list