I use ldap ( server on localhost no certificate, no encryption) and have no problem with kdm.
A few ideas , thoug i don t think it will fix the problem you have: - use_first_pass should not be used for session. we either use the unix env or the ldap one (shell and such) - my common account is: account sufficient pam_ldap.so account required pam_unix.so i guess you remove unix so they cannot login via ssh, i don't now if it breaks something. One comment about getpwname : "Since files is first for passwd, i'm assuming kdm is calling getpwnam and returning failure before checking with the ldap server." man getpwnam: "The getpwnam() function returns a pointer to a structure containing the broken out fields of a line from /etc/passwd for the entry that matches the user name name. The getpwuid() function returns a pointer to a structure containing the broken out fields of a line from /etc/passwd for the entry that matches the user uid uid." but then : "The user password database mostly refers to /etc/passwd. However, with recent systems it also refers to network wide databases using NIS, LDAP and other local files as configured in /etc/nsswitch.conf." my understanding is that the first quote is obsolete and getpwname does retrieve info from all the databases and return when it has found one valid. So getpwnam only return an entry for the ldap server if the user does not exists in the /etc/passwd file. I would guess that either the use_first_pass for session break kdm , the user exists in the passwd file with a different password or kdm requires something that you don t have with the ldap account: - a valid login shell - the home directory to be available and have the right permission (there is an option in gdm for it to check that, maybe kde did it by default). When you create a local account with adduser those are created and setup by the script, that s why i guess the problem may be there. What is strange is you have no debug output even with pam rules setted to debug. Regards Alban -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
