At 07:58 PM 12/8/2006, simo wrote:
> The one slight hiccup I am seeing is for console logins: locally
> defined users can log onto the console successfully -- if they use
> there AD password, they are accepted on the first password prompt.
>
> However, if they use their locally defined password (shadow) at the
> console, then they are subjected to a second password prompt each time
> -- and it doesn't matter whether they enter the local password
> correctly on the first prompt, it only matters on the second one. Is
> there something about my placement/ordering above that might be
> causing this?
put the option use_first_pass on the second module in the stack, so that
it doesn't ask for a new password, but try with the one provided to the
first module.
Bingo! That did the trick.
To be specific for others running across this problem, the option
"use_first_pass" needs to be added to the second (and any subsequent)
modules in the auth stack. (Excluding the pam_env module...)
E.g.:
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_winbind.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth
nullok use_first_pass
auth required /lib/security/$ISA/pam_deny.so
Cheers,
-D
Don Meyer <[EMAIL PROTECTED]>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services
"They that can give up essential liberty to obtain a little
temporary safety,
deserve neither liberty or safety." -- Benjamin Franklin, 1759
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
