[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Pam_ldap group access

To: Aaron Richton <richton@nbcs.rutgers.edu>
Subject: Re: Pam_ldap group access
From: Indexer <indexer@internode.on.net>
Date: Thu, 17 Jun 2010 22:58:08 +0930
Cc: openldap-technical@openldap.org
In-reply-to: <alpine.SOC.2.00.1006170916590.24308@toolbox.rutgers.edu>
References: <0A5BB2F9-E68A-433E-89EC-43A22722A60B@internode.on.net> <alpine.SOC.2.00.1006170902570.24308@toolbox.rutgers.edu> <A6C7FFD1-94BA-4B4C-BC7C-23284BA40F63@internode.on.net> <alpine.SOC.2.00.1006170916590.24308@toolbox.rutgers.edu>

On 17/06/2010, at 10:52 PM, Aaron Richton wrote:

> 
> I'm totally confused. If you're not "concerned about it right now" why is it your original question, as well as causing "me more" concern in the next sentence?
> 
> My hint remains that the check you want to enforce without option has been configured as optional. Read the whole pam.conf(5) man page, then reread the section regarding alternatives to "optional," and determine what you need to configure to enforce the behavior you want.

Yes, you are completely correct. I have added this line to sshd and it works. Thank you for putting me in the right direction, even if it took some prodding to get me there!

account         required        /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user

References:
- Pam_ldap group access
  - From: Indexer <indexer@internode.on.net>
- Re: Pam_ldap group access
  - From: Aaron Richton <richton@nbcs.rutgers.edu>
- Re: Pam_ldap group access
  - From: Aaron Richton <richton@nbcs.rutgers.edu>

Prev by Date: Re: Pam_ldap group access
Next by Date: Re: Pam_ldap group access
Index(es):
- Chronological
- Thread