I've figured this out on AIX.  If anyone googles this later:

in /etc/security/user

the default: stanza needs to have:

system = "compat or KRB5ALXAP or LDAP"

instead of:

SYSTEM = "KRB5ALXAP or LDAP or compat"

It could probably be done other ways (using PAM,) but this was easiest for now.

On Tue, Aug 7, 2012 at 10:02 AM, KodaK <sako...@gmail.com> wrote:
> I have an unusual situation.  Our DBAs want different passwords for
> the oracle account
> on production and development machines.  I'm using local
> authentication for oracle
> on all the boxes, but they're also not allowed to log in directly as
> oracle, only su, but
> su always wants to go to ldap first.
>
> Does anyone know what I need to do to get su to look at local auth
> first, then go to
> ldap?
>
> Another consideration is that this is AIX.  I'm pretty sure if given a
> Linux solution to
> this I could adapt (AIX *can* use PAM, it just doesn't by default.)
>
> --
> The government is going to read our mail anyway, might as well make it
> tough for them.  GPG Public key ID:  B6A1A7C6



-- 
The government is going to read our mail anyway, might as well make it
tough for them.  GPG Public key ID:  B6A1A7C6

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to