On Wed, 2008-12-03 at 12:57 -0500, Nalin Dahyabhai wrote:
On Tue, Dec 02, 2008 at 11:22:44PM -0500, John A. Sullivan III
wrote:
> Seem to have it now. The Ubuntu host did not like the settings copied
> in from Fedora. However, simply reversing the default Ubuntu settings
> so that they are now:
>
> account required pam_unix.so
> account sufficient pam_ldap.so
Please be careful about this. If this is the entire set of "account"
modules, then I think the end-result when pam_ldap.so fails might be
undefined (in particular, the user may be allowed access anyway, even if
pam_ldap.so indicates that the user should not have access, because no
"required" modules have indicated problems).
<snip>
Thanks very much. I'm trusting the Ubuntu folks know what they're
doing. This is part of an included pam file. However, I should
double-check. Should pam_deny.so be at the end of the chain? - John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan(a)opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society