
Re: pam_ldap + no_warn + pam_authz_search = issue?




On Sat, 2012-10-27 at 12:15 +1100, Lawrence Stewart wrote:
> On 10/27/12 00:09, Arthur de Jong wrote:
> > The above would just mean that the result of pam_ldap is skipped if
> > it fails and pam_unix is tried instead.
> 
> That's the behaviour I'm after.

Well, failure in this case also means that pam_ldap has denied the
request. So if pam_ldap says no, account blocked and pam_unix says yes,
the answer is yes.

> Could be useful to add another option "exempt_uids" which takes a CSV
> list of uids to also skip pam_ldap.so checks for? Could then have
> "minimum_uid=1000 exempt_uids=0" and get the best of both worlds.

Patches are welcome ;) Instead of a comma-separated list though, a list
of include and exclude ranges is perhaps even nicer.

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
-- 
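
The point made in this message, as an added example that is not part of the original post and not nss-pam-ldapd code: a simplified Python model of how Linux-PAM combines module results, showing that a denial from pam_ldap is lost when its failure is skipped and pam_unix then succeeds. The stacks, the result names and the use of `sufficient` to stand for "skipped if it fails" are assumptions, since the configuration under discussion is not shown on this page; the "ignore" result stands for a module that opts out for a given user.

```python
# Simplified model of how Linux-PAM combines module results within one stack.
# Only the classic control keywords are modelled; a module result is
# "success", "ignore", or a failure name such as "perm_denied".

def run_stack(stack, results):
    """stack: list of (control, module); results: module -> result."""
    impression = None   # None = undecided, True = positive, False = negative
    status = "fail"
    for control, module in stack:
        ret = results[module]
        if ret == "ignore":
            continue                    # module opted out, nothing recorded
        if ret == "success":
            if impression is None:
                impression, status = True, "success"
            if control == "sufficient" and impression:
                break                   # sufficient: success ends the stack
        elif control in ("required", "requisite"):
            if impression is not False:
                impression, status = False, ret   # first failure is kept
            if control == "requisite":
                break                   # requisite: failure ends the stack
        # a failing "sufficient" or "optional" module is discarded here
    return status if impression is not None else "fail"  # undecided fails closed

# Constructed stacks (the thread's actual PAM file is not shown on this page).
FAIL_OPEN = [("sufficient", "pam_ldap.so"), ("required", "pam_unix.so")]
STRICT = [("required", "pam_ldap.so"), ("required", "pam_unix.so")]

# Constructed module results.
LDAP_BLOCKED = {"pam_ldap.so": "perm_denied", "pam_unix.so": "success"}
LDAP_SKIPPED = {"pam_ldap.so": "ignore", "pam_unix.so": "success"}  # assumed opt-out

if __name__ == "__main__":
    for name, stack in (("fail-open", FAIL_OPEN), ("strict", STRICT)):
        print(name, "blocked in LDAP ->", run_stack(stack, LDAP_BLOCKED))
        print(name, "skipped by LDAP ->", run_stack(stack, LDAP_SKIPPED))
```

In the fail-open stack the LDAP denial never reaches the final result, while the strict stack keeps it and still lets pam_unix decide for a user that pam_ldap opts out of.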