iam very amazed, because i thought that with this ldap line its also
necessary that
'account required pam_unix.so' must return 'ok' that the authorization
part is successfull, but the ldap account is there not available.
but thanks anyway it solved my requirements!
hi again,
i recognized that if t
Because you have specified that the failure of pam_ldap is not fatal to
the account stack. The "sufficient" control means:
If this module returns success, then stop stack processing and return
success to the application. Otherwise continue processing.
Since the access check constitutes a "failure"
Hi, thanks for your reply!
my goal is to authenticate through ldap and to do some specific
authorization checks.
for failover i have one account in /etc/passwd in case of a downtime of
ldap so that its still possible to login throught local authentication.
Further more i have inside of ldap.conf
On Wed, 10 Nov 2004, jesk wrote:
> > huh? as in a user that more or less does *not* exist on your system can
> log
> > in? do you have any other authentication modules that the system falls to?
>
> Sure, authentication is enabled too, but i want to limit access through
> authorization.
Be careful
On Wednesday 10 November 2004 20:13, Christian Meutes wrote:
> I recognized a strange behavior of PAM. My Plan was to do Authorization
> through pam_unix.so and pam_ldap.so
> I have the following configuration for this:
> ---
> account requiredpam_login_access.so
> account s
> huh? as in a user that more or less does *not* exist on your system can
log
> in? do you have any other authentication modules that the system falls to?
Sure, authentication is enabled too, but i want to limit access through
authorization.
here my whole pam.d/sshd configuration:
---
# auth
auth
> huh? as in a user that more or less does *not* exist on your system can
log
> in? do you have any other authentication modules that the system falls to?
Sure, authentication is enabled too, but i want to limit access through
authorization.
here my whole pam.d/sshd configuration:
---
# auth
auth
