[Date Prev][Date Next] [Chronological] [Thread] [Top]

using LDAP as central authentication unit

I've followed one of the online instructions on how to configure my system to use ldap as the user authentication mechanism. below is partial  content of my /etc/pam.d/system.auth file:
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

looking at some online resources about how pam works, it seems that unix authentication is being applied first, and only if it fails, ldap authentication is applied. Am I correct here? In other words if all the users are still in /etc/shadow and /etc/passd files.... ldap is NOT being used for authentication. If I delete the users from /etc/passwd... then LDAP is used.... right>?


Looking for last minute shopping deals? Find them fast with Yahoo! Search.