Re: pam_unix succeeds unexpectedly with libnss-ldapd

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Christopher Price <Christopher.Price [at] esentire.com>
To: "nss-pam-ldapd-users [at] lists.arthurdejong.org" <nss-pam-ldapd-users [at] lists.arthurdejong.org>
Subject: Re: pam_unix succeeds unexpectedly with libnss-ldapd
Date: Fri, 16 Mar 2018 13:23:49 +0000

> The most obvious thing I notice is that you're using pam_listfile in account, 
> not auth.
> This is contrary to the pam_listfile manpage examples.

Fair enough, but the manpage does indicate that "all modules types are         
provided." Moreover, my config works with libnss-ldap, but not libnss-ldapd.   
It's a little complicated since I want to support both regular unix logins     
(i.e. for user not listed in /etc/login.group.allowed) and LDAP based logins,  
but only for the listed users.                                                 
                                                                               
Putting the listfile module into common-auth works, but not identically. In    
particular, it continually prompts the user for their password rather than     
responding with 'Authentication failed' as my current config does.
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/

pam_unix succeeds unexpectedly with libnss-ldapd, Christopher Price
- Re: pam_unix succeeds unexpectedly with libnss-ldapd, Trent W. Buck
  - Re: pam_unix succeeds unexpectedly with libnss-ldapd, Christopher Price

Prev by Date: Re: pam_unix succeeds unexpectedly with libnss-ldapd
Next by Date: libnss-ldapd: Stretch Client authenticating to Openldap without hosting user password in local file
Previous by thread: Re: pam_unix succeeds unexpectedly with libnss-ldapd
Next by thread: libnss-ldapd: Stretch Client authenticating to Openldap without hosting user password in local file