[Fedora-directory-users] Ubuntu not enforcing password policies
John A. Sullivan III
jsullivan at opensourcedevel.com
Wed Dec 3 18:35:45 UTC 2008
On Wed, 2008-12-03 at 12:57 -0500, Nalin Dahyabhai wrote:
> On Tue, Dec 02, 2008 at 11:22:44PM -0500, John A. Sullivan III wrote:
> > Seem to have it now. The Ubuntu host did not like the settings copied
> > in from Fedora. However, simply reversing the default Ubuntu settings
> > so that they are now:
> >
> > account required pam_unix.so
> > account sufficient pam_ldap.so
>
> Please be careful about this. If this is the entire set of "account"
> modules, then I think the end-result when pam_ldap.so fails might be
> undefined (in particular, the user may be allowed access anyway, even if
> pam_ldap.so indicates that the user should not have access, because no
> "required" modules have indicated problems).
>
<snip>
Thanks very much. I'm trusting the Ubuntu folks know what they're
doing. This is part of an included pam file. However, I should
double-check. Should pam_deny.so be at the end of the chain? - John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
More information about the 389-users
mailing list