[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Can log in with either local(shadow) or ldap password

From: Orion Poplawski <orion cora nwra com>
To: Pam-list redhat com
Cc:
Subject: Can log in with either local(shadow) or ldap password
Date: Thu, 5 Feb 2009 21:38:49 +0000 (UTC)

On our laptops we have local users defined in /etc/shadow for offline use.  We
also authenticate against and LDAP server.  Interestingly, when on the network a
user can log in with either the local or ldap password.  I would have expected
only the local password to work.  I believe this was the case when we used NIS
instead of LDAP.

system-auth:

auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

/etc/nsswitch.conf
shadow:     files ldap

- Orion

Follow-Ups:
- Re: Can log in with either local(shadow) or ldap password
  - From: RB

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]