[ale] [Fwd: Re: OpenLDAP: So close and yet so far]
Jeff Hubbs
jeffrey.hubbs at gmail.com
Wed Jun 3 12:36:50 EDT 2009
Jerald -
That line is in there...in fact, let me paste the whole system-auth file:
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass likeauth nullok
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_ldap.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2
ocredit=2 try_first_pass retry=3
password sufficient pam_unix.so try_first_pass nullok md5 shadow
use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
session optional pam_ldap.so
>
> Also, to let pam know about ldap, look for a line like so:
>
> auth sufficient pam_ldap.so use_first_pass
>
> in /etc/pam.d/system-auth
>
> Also, if you want to have home directories automagically made for
> first-time logins, you need:
>
> session required pam_mkhomedir.so
Cool trick - dunno if I'll use that now but it's good to know.
Thanks,
Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20090603/8d2875ec/attachment.html
More information about the Ale
mailing list