I have narrowed this problem down to one of the config files in /etc/pam.d/.
Can anyone help me resolve this problem, or at least point me in the right
direction? I would really like to use FDS to replace all of our Active
Directory and Novell eDirectory domain controllers (we have about 47 domains).
I am trying to make the case for open source directory management with my
employers, and the way things are going, they are considering just forking
over the money to M$ and Novell [arrgggghhhh].

Anyway, here are my pam.d configs:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system. The default is to
# only deny service to users whose accounts are expired in /etc/shadow.
#
#pre_auth-client-config # account required pam_unix.so
account sufficient pam_ldap.so
account required pam_unix.so
#
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# /etc/pam.d/common-auth - authentication settings common to all services
#
#pre_auth-client-config # auth requisite pam_unix.so nullok_secure
#pre_auth-client-config # auth optional pam_smbpass.so migrate
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
#
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# /etc/pam.d/common-password - password-related modules common to all services
#
#pre_auth-client-config # password optional pam_smbpass.so nullok use_authtok use_first_pass
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5
#
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# /etc/pam.d/common-session - session-related modules common to all services
#
#pre_auth-client-config # session required pam_unix.so
session sufficient pam_ldap.so
session required pam_unix.so