[prev in list] [next in list] [prev in thread] [next in thread]
List: pamldap
Subject: Re: [pamldap] bug? pam_groupdn mismatch, but still login possible
From: Norbert Klasen <klasen () zdv ! uni-tuebingen ! de>
Date: 2000-10-06 11:31:56
[Download RAW message or body]
Arvid Requate wrote:
> When a user tries to login, who isn't part of the group specified by
> the pam_groupdn keyword in /etc/ldap.conf, the message
> "You must be a member of cn=usergroup,o=ORG to login." appears, but
> the he still gets logged in. It seems like libpam doesn't care if
> the "account" part of the login fails with PAM_AUTH_ERR after the "auth" part
> was successfull.
Do you use stacked account modules? If so you probably need to set the
required flag on account pam_ldap.
--
Norbert Klasen
DFN Directory Services tel: +49 7071 29 70335
ZDV, Universität Tübingen fax: +49 7071 29 5912
D-72074 Tübingen norbert.klasen@zdv.uni-tuebingen.de
Germany http://www.directory.dfn.de
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic