RSS feed

Re: pam_ldap + no_warn + pam_authz_search = issue?

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: pam_ldap + no_warn + pam_authz_search = issue?

On Sat, 2012-10-27 at 12:15 +1100, Lawrence Stewart wrote:
> On 10/27/12 00:09, Arthur de Jong wrote:
> > The above would just mean that the result of pam_ldap is skipped if
> > it fails and pam_unix is tried instead.
> That's the behaviour I'm after.

Well failure in this case also means that pam_ldap has denied the
request. So if pam_ldap says no, account blocked and pam_unix says yes,
the answer is yes.

> Could be useful to add another option "exempt_uids" which takes a CSV
> list of uids to also skip checks for? Could then have
> "minimum_uid=1000 exempt_uids=0" and get the best of both worlds.

Patches are welcome ;) Instead of a comma separated list though a list
of include and exclude ranges are perhaps even nicer.

-- arthur - - --
To unsubscribe send an email to or see