
Re: authentication puzzle

On Tue, 2014-03-11 at 09:39 -0700, Eneida Lima wrote:
> Here is the info :
> 2. /etc/pam.d/system-auth-ac
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required
> auth        sufficient try_first_pass
> auth        sufficient nullok use_first_pass
> auth        requisite uid >= 500 quiet
> auth        required

It is pretty weird to put pam_ldap before pam_unix because this will
delay logins unnecessarily when the LDAP server is unavailable (e.g. in

Is this the default PAM stack?

Adding debug at the end of the pam_unix and pam_ldap lines should
provide more debugging information (through syslog).

> 3. Output from 'nslcd -d' for an unsuccessful login:
> nslcd: version 0.7.5 starting

0.7.5 is pretty old but nss-pam-ldapd-0.7.5-18.2.el6_4 from Red Hat
should contain many of the backported fixes.

However, if I understand correctly, the PAM module of nss-pam-ldapd is
not used in the Red Hat packaging so you have to check the configuration
file for PADL's pam_ldap module (not sure what that is on Red Hat).

Hope this helps,

-- arthur - - --
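
An added example, not part of the original message: a small Python check that parses the auth lines of a PAM file and reports the two points raised in the reply above, whether pam_ldap.so is listed before pam_unix.so and which of the two lack the debug option. The sample stack, its module lines and the function names are constructed for illustration and are not the poster's file.

```python
import re

# Constructed sample auth stack (not the poster's file): pam_ldap before pam_unix.
SAMPLE_STACK = """\
#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_ldap.so try_first_pass
auth        sufficient    pam_unix.so nullok use_first_pass debug
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so
"""

def parse_stack(text, mgmt="auth"):
    """Return (control, module, args) tuples for one management group."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        # control is either one word or a bracketed [value=action ...] list
        m = re.match(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line)
        if not m or m.group(1).lstrip("-") != mgmt:
            continue
        module = m.group(3).rsplit("/", 1)[-1]  # tolerate absolute module paths
        entries.append((m.group(2), module, m.group(4).split()))
    return entries

def review(text):
    """List findings about pam_ldap/pam_unix ordering and missing debug options."""
    findings = []
    entries = parse_stack(text)
    names = [mod for _, mod, _ in entries]
    if "pam_ldap.so" in names and "pam_unix.so" in names:
        if names.index("pam_ldap.so") < names.index("pam_unix.so"):
            findings.append("pam_ldap.so precedes pam_unix.so")
    for _, mod, args in entries:
        if mod in ("pam_unix.so", "pam_ldap.so") and "debug" not in args:
            findings.append(f"{mod} has no debug option")
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_STACK):
        print(finding)
```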