On 17/06/2010, at 10:52 PM, Aaron Richton wrote: > > I'm totally confused. If you're not "concerned about it right now" why is it > your original question, as well as causing "me more" concern in the next > sentence? > > My hint remains that the check you want to enforce without option has been > configured as optional. Read the whole pam.conf(5) man page, then reread the > section regarding alternatives to "optional," and determine what you need to > configure to enforce the behavior you want.
Yes, you are completely correct. I have added this line to sshd and it works. Thank you for putting me in the right direction, even if it took some prodding to get me there! account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
