On 2010-10-01 at 17:46, Claudio Prono ( [email protected] ) said:
/etc/pam.d/common-account
account requisite pam_unix2.so
account required pam_krb5.so use_first_pass
ignore_unknown_principals
account sufficient pam_localuser.so
account required pam_ldap.so use_first_pass
One, if you're using LDAP for user/group info (as configured through
nsswitch.conf), LDAP never plays into PAM, so you don't need pam_ldap
anywhere.
Two, I'm guessing this is debian? I've had issues making this work with
GSSAPI on lenny, and have an account section like this:
account sufficient pam_permit.so debug
account required pam_unix.so debug
I spent a great deal of time fighting this when we upgraded the couple
remaining debian machines here to lenny.
Others can most likely provide more help than that, just though I'd
mention the issue with the account section in case that ends up being a
problem for you.
--andy
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
