Hi,
I am trying to contact you to get some help...
I am trying to configure the authentication of all my users against an OpenLDAP server.
So I configured libpam-ldap,
libnss-ldap (with db in nsswitch.conf) and nss_updatedb (with a cron job to
update the users db),
and configured libpam_ccreds to be able to authenticate the user even if the
network is down (more especially on laptops).
So my pam.d/common_auth looks like this:

auth sufficient pam_unix.so nullok_secure
auth [authinfo_unavail=ignore success=1 default=2] pam_ldap.so use_first_pass debug
auth [default=done] \
    pam_ccreds.so action=validate ccredsfile=/var/db/.security.db use_first_pass
auth [default=done] \
    pam_ccreds.so action=store ccredsfile=/var/db/.security.db use_first_pass
auth [default=bad] \
    pam_ccreds.so action=update ccredsfile=/var/db/.security.db use_first_pass

If the user is a local user, he is authenticated.
If the user is an LDAP user and the LDAP server is available, the user is
authenticated and the credentials are added to security.db.
If the user is an LDAP user and the LDAP server is unavailable, the user is
authenticated through security.db.
All the configuration is OK if the network interface is up.
If the interface is not configured, after a first auth on the LDAP, the
user is authenticated.
If an interface is NOT configured (only loopback), it takes a long, long
time, and the user is not authenticated against the ccreds file.
What's the problem?
Is there some configuration to add?
The package has been compiled with hard options....
Thank you very much for your help....
Anthony
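
Added example, not part of Anthony's message: a simplified Python model of how Linux-PAM walks the auth stack quoted above (only the done, bad, ignore and numeric jump actions), showing which rule decides each case the message describes and that the cached-credential check is reached only when pam_ldap returns authinfo_unavail. The per-module return values passed to `evaluate` are constructed inputs, not observed behaviour of pam_ldap or pam_ccreds.

```python
# Simplified model of Linux-PAM auth-stack dispatch (done/bad/ignore/jump only).
# Module return values are supplied by the caller: constructed per scenario.
import re

SUFFICIENT = "[success=done new_authtok_reqd=done default=ignore]"

# The stack from the message, one rule per logical line.
STACK = """\
auth sufficient pam_unix.so nullok_secure
auth [authinfo_unavail=ignore success=1 default=2] pam_ldap.so use_first_pass debug
auth [default=done] pam_ccreds.so action=validate ccredsfile=/var/db/.security.db use_first_pass
auth [default=done] pam_ccreds.so action=store ccredsfile=/var/db/.security.db use_first_pass
auth [default=bad] pam_ccreds.so action=update ccredsfile=/var/db/.security.db use_first_pass
"""

def parse(text):
    rules = []
    for line in text.splitlines():
        m = re.match(r"auth\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line.strip())
        if not m:
            continue
        control = SUFFICIENT if m.group(1) == "sufficient" else m.group(1)
        actions = dict(kv.split("=") for kv in control.strip("[]").split())
        arg = re.search(r"action=(\w+)", m.group(3))
        name = m.group(2) + (":" + arg.group(1) if arg else "")
        rules.append((name, actions))
    return rules

def evaluate(rules, returns):
    """returns maps rule name -> PAM return token for this scenario."""
    impression, status, i, trace = None, "must_fail", 0, []
    while i < len(rules):
        name, actions = rules[i]
        ret = returns[name]
        act = actions.get(ret, actions["default"])
        trace.append(name)
        i += 1
        if act.isdigit():                 # jump: skip the next N rules
            i += int(act)
        elif act in ("ok", "done"):
            if ret != "ignore" and (impression is None or (impression and status == "success")):
                impression, status = True, ret
            if impression and act == "done":
                break                     # decision made, stop walking the stack
        elif act == "bad":
            if impression is not False:
                impression, status = False, ret
    # Access is granted only on a positive impression with a success status.
    return impression is True and status == "success", trace
```

With this control string, any pam_ldap result other than authinfo_unavail or success takes the `default=2` jump to the `action=update` rule, so the `action=validate` rule is never consulted.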