[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pamldap
Subject:    Re: [pamldap] bug? pam_groupdn mismatch, but still login possible
From:       Norbert Klasen <klasen () zdv ! uni-tuebingen ! de>
Date:       2000-10-06 11:31:56
[Download RAW message or body]

Arvid Requate wrote:
> When a user tries to login, who isn't part of the group specified by
> the pam_groupdn keyword in /etc/ldap.conf, the message
> "You must be a member of cn=usergroup,o=ORG to login." appears, but
> the he still gets logged in. It seems like libpam doesn't care if
> the "account" part of the login fails with PAM_AUTH_ERR after the "auth" part
> was successfull.

Do you use stacked account modules? If so you probably need to set the
required flag on account pam_ldap.

-- 
Norbert Klasen
DFN Directory Services                           tel: +49 7071 29 70335
ZDV, Universität Tübingen                        fax: +49 7071 29 5912
D-72074 Tübingen                    norbert.klasen@zdv.uni-tuebingen.de
Germany                                     http://www.directory.dfn.de

[prev in list] [next in list] [prev in thread] [next in thread]