Two independant auth's desired for imap
D G Teed
donald.teed at gmail.com
Fri Sep 28 14:27:11 UTC 2007
This is probably an easy question, but I'm having troubles
getting the answer in my searches.
In my current imap pam config file I have this:
#%PAM-1.0
account sufficient pam_winbind.so
account sufficient pam_ldap.so
auth sufficient pam_winbind.so try_first_pass
auth sufficient pam_ldap.so try_first_pass debug
auth required pam_deny.so
This works for AD users and users stored in an Oracle LDAP database.
However what we are finding is that if I have an account on one
system and I can authenticate on the other, then I'm in.
The way I'd like it to work, using shell script analogy is:
account sufficient pam_ldap.so && auth sufficient
pam_ldap.so try_first_pass debug
and likewise for winbind.
Is there a path to doing this in pam?
--Donald
More information about the Pam-list
mailing list