Buchan Milne wrote:
> <quote who="Pixel">
>> Buchan Milne <[EMAIL PROTECTED]> writes:

>>> -put pam_pwdb before pam_ldap in /etc/pam.d/system-auth
>
> Actually, pam_unix is used at present, which I have placed before
> pam_ldap. Vince, in your article you mention problems with pam_unix,
> which can be solved by using pam_pwdb instead. I however am now using
> the config generated by my patched chkauth, with no problems (local and
> ldap password changes work via pam_ldap only, su works for local and
> ldap users, ssh works for local and ldap users), but I am using a local
> slave server without ssl/tls. (Hmmm, at present even ldapsearch is
> segfaulting on a stock+updates 9.1 trying with tls to a local or remote
> tls-capable server .... will have to investigate).
>
> Anyway, placing pam_unix before pam_ldap in the password lines means at
> least local accounts can change their password.

There is one more issue, and that is having a pam_mkhomedir entry for use
with LDAP. I am not sure how often it would be as useful with ldap (since
one can probably assume most LDAP uses would be in conjunction with NFS?)
as it is with winbind (where we do use it by default). Maybe in future it
should be an option in a GUI?

> Patch without white-space changes:

Looks like mozilla and squirrelmail managed to mangle the patches, I will
resend in private from a real mail client ;-).

Regards,
Buchan
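
The ordering point made in this message (pam_unix or pam_pwdb ahead of pam_ldap in the password lines, plus the open question about pam_mkhomedir) can be checked mechanically against a PAM service file. The following is an added example, not code from this thread or from chkauth; the sample stack and the names `parse_stacks` and `audit` are constructed for illustration.

```python
import os

# Constructed sample in the style of /etc/pam.d/system-auth (not the chkauth output).
SAMPLE = """\
password  required    pam_cracklib.so retry=3
password  sufficient  pam_unix.so nullok use_authtok md5 shadow
password  sufficient  /lib/security/pam_ldap.so use_authtok
password  required    pam_deny.so
session   required    pam_unix.so
session   optional    pam_ldap.so
"""
LOCAL = ("pam_unix", "pam_pwdb")  # local-account modules named in the thread

def parse_stacks(text):
    """Map each PAM type to its module names, in file order."""
    stacks = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0].startswith("@"):
            continue  # blank, comment, or @include line
        i = 1
        if fields[i].startswith("["):  # bracketed control may contain spaces
            while i < len(fields) - 1 and not fields[i].endswith("]"):
                i += 1
        if i + 1 >= len(fields):
            continue  # no module field after the control
        name = os.path.basename(fields[i + 1])
        name = name[:-3] if name.endswith(".so") else name
        stacks.setdefault(fields[0].lstrip("-"), []).append(name)
    return stacks

def audit(text):
    """Return findings about pam_ldap ordering and pam_mkhomedir."""
    stacks, findings = parse_stacks(text), []
    pw, sess = stacks.get("password", []), stacks.get("session", [])
    if "pam_ldap" in pw:
        local = [pw.index(m) for m in LOCAL if m in pw]
        if not local:
            findings.append("password: pam_ldap present but no pam_unix/pam_pwdb")
        elif min(local) > pw.index("pam_ldap"):
            findings.append("password: pam_ldap is listed before the local module")
    if "pam_ldap" in sess and "pam_mkhomedir" not in sess:
        findings.append("session: no pam_mkhomedir, home directories must already exist")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The pam_mkhomedir finding is informational: where home directories come from NFS, as the message suggests is likely, its absence is expected.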


