Re: pam_unix succeeds unexpectedly with libnss-ldapd
- From: "Trent W. Buck" <twb-nss-pam-ldapd-users [at] cyber.com.au>
- To: Christopher Price <Christopher.Price [at] esentire.com>
- Cc: "nss-pam-ldapd-users [at] lists.arthurdejong.org" <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: Re: pam_unix succeeds unexpectedly with libnss-ldapd
- Date: Fri, 16 Mar 2018 12:51:10 +1100
Christopher Price wrote:
> I am attempting to replace libnss-ldap with libnss-ldapd. I am running Ubuntu
> 16.04 and controlling LDAP access via the pam_listfile module in
> /etc/pam.d/common-account.
>
> /etc/pam.d/common-auth
> auth required pam_env.so envfile=/etc/default/locale
> auth sufficient pam_unix.so nullok_secure
> auth required pam_ldap.so use_first_pass
>
> /etc/pam.d/common-account
> account sufficient pam_unix.so
> account required pam_listfile.so onerr=fail item=group sense=allow file=/etc/login.group.allowed
> account required pam_ldap.so

This works for me:

/etc/pam.d/dovecot-staff.master.pam:
    auth required pam_listfile.so item=group sense=allow file=/etc/dovecot/dovecot-staff.master.groups onerr=fail
    @include common-auth
    @include common-account
    @include common-session

The most obvious thing I notice is that you're using pam_listfile in account,
not auth.
This is contrary to the pam_listfile manpage examples.
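
Added example, not part of the original message or of nss-pam-ldapd: a simplified model of how the PAM control flags in the quoted stacks are evaluated, showing why a successful "sufficient" pam_unix line ends the account stack before pam_listfile runs. Assumptions: module results are supplied by hand, pam_unix reports success as the subject line describes, and LISTFILE_IN_AUTH is a constructed stack combining the reply's pam_listfile line with the quoted common-auth lines.

```python
# Added example: a simplified model of Linux-PAM control flags, not real PAM.
# Module results are supplied by the caller (constructed); nothing is executed.

# Account stack quoted in the message above (the wrapped line is rejoined).
QUOTED_ACCOUNT = """\
account sufficient pam_unix.so
account required pam_listfile.so onerr=fail item=group sense=allow file=/etc/login.group.allowed
account required pam_ldap.so
"""

# Constructed variant (assumption): the reply's pam_listfile auth line placed
# ahead of the auth lines quoted from common-auth.
LISTFILE_IN_AUTH = """\
auth required pam_listfile.so item=group sense=allow file=/etc/dovecot/dovecot-staff.master.groups onerr=fail
auth required pam_env.so envfile=/etc/default/locale
auth sufficient pam_unix.so nullok_secure
auth required pam_ldap.so use_first_pass
"""

def parse_stack(text, mgmt_type):
    """Return [(control, module)] for config lines of one management type."""
    rows = (line.split() for line in text.splitlines())
    return [(f[1], f[2]) for f in rows if len(f) >= 3 and f[0] == mgmt_type]

def evaluate(stack, results):
    """results maps module -> True (success) or False (failure).
    Returns (allowed, modules_called)."""
    failed = succeeded = False
    called = []
    for control, module in stack:
        ok = results[module]
        called.append(module)
        if control == "sufficient":
            if ok and not failed:
                return True, called   # stack ends; later modules never run
            # otherwise the sufficient module's result is ignored
        elif control in ("required", "requisite"):
            succeeded = succeeded or ok
            failed = failed or not ok
            if control == "requisite" and not ok:
                break                 # requisite failure returns at once
        else:
            raise ValueError("control flag not modelled: " + control)
    return succeeded and not failed, called

# Constructed user: authenticates fine but is in none of the allowed groups.
USER = {"pam_env.so": True, "pam_unix.so": True,
        "pam_listfile.so": False, "pam_ldap.so": True}

if __name__ == "__main__":
    print(evaluate(parse_stack(QUOTED_ACCOUNT, "account"), USER))
    print(evaluate(parse_stack(LISTFILE_IN_AUTH, "auth"), USER))
```

In the quoted account stack the group check is never called for this user, while in the constructed auth stack the failed required pam_listfile line keeps the later sufficient success from granting access.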