> I don't know about *only* against shadow. But I've got winbind setup, > and it authenticates users first against the domain, but if that fails > resorts to the local password database. > > Here are the relavent lines from my > /etc/pam.d/system-auth > > auth    Ârequired   Â/lib/security/pam_env.so > auth    Âsufficient  Â/lib/security/pam_winbind.so > auth    Âsufficient  Â/lib/security/pam_unix.so likeauth nullok > use_first_pa ss > auth    Ârequired   Â/lib/security/pam_deny.so
Can I reverse that so that it checks local files first? That way if the user (eg "root") is local it doesn't have to check the domain. -- Ramon Casha Malta Linux User Group (http://linux.org.mt) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
