List: pamldap
Subject: [pamldap] pam_ldap and pam_unix... which is the better order?
From: Brian Nelson <bnelson () cis ! ysu ! edu>
Date: 2001-07-31 23:59:17
Ok. I know that in the examples, pam_ldap is before pam_unix in the 'auth'
section of pam.conf (on Solaris). I know this works well, and have actually
recommended it to people in the past.

My question is this: Why is this the recommended (i.e. common) way to do it? Is
there any specific reasoning?

I have tried it both ways, with the first directive being 'sufficient' and the
second being 'required' with 'use_first_pass'. Both seem to work just fine.

My question arose when I noticed that putting pam_ldap first (for the dtlogin
section at least) changes the dtlogin screen. Normally, with pam_unix first,
dtlogin displays 'Please enter your user name'. With pam_ldap first, it simply
states 'login:'. This only happens in dtlogin. In telnet and such, both modules
display 'login:'.

I know this is merely an aesthetic thing, and it really doesn't matter. In fact it's
probably some other hook that could be added to pam_ldap for dtlogin. I just
wondered if there is some reason of which (unix or ldap) should be used first
with the 'sufficient' flag. Does it even matter?

Thanks!
-Brian
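
An added illustration, not part of the message above and not code from pam_ldap or pam_unix: a Python model of how a two-entry 'auth' stack is evaluated with 'sufficient' first and 'required' second, for both orderings. It assumes only those two control flags, treats use_first_pass as reuse of the same password, and uses constructed accounts; `make_module` and `authenticate` are hypothetical names.

```python
# Constructed sample accounts (not from the original message).
LOCAL_USERS = {"root": "localpw"}   # stands in for pam_unix's password source
LDAP_USERS = {"alice": "ldappw"}    # stands in for pam_ldap's directory

def make_module(name, db):
    """Toy auth module (hypothetical): succeeds only if user/password match db."""
    def module(user, password):
        return user in db and db[user] == password
    module.name = name
    return module

pam_unix = make_module("pam_unix", LOCAL_USERS)
pam_ldap = make_module("pam_ldap", LDAP_USERS)

# The two orderings discussed: first entry 'sufficient', second 'required'.
LDAP_FIRST = [("sufficient", pam_ldap), ("required", pam_unix)]
UNIX_FIRST = [("sufficient", pam_unix), ("required", pam_ldap)]

def authenticate(stack, user, password):
    """Return (success, names of the modules consulted, in order)."""
    consulted, required_failed, succeeded = [], False, False
    for flag, module in stack:
        consulted.append(module.name)
        # use_first_pass: the later module reuses the same password
        ok = module(user, password)
        if flag == "sufficient":
            if ok and not required_failed:
                return True, consulted   # success ends the stack here
            # a failed 'sufficient' module is ignored
        elif flag == "required":
            succeeded = succeeded or ok
            required_failed = required_failed or not ok
        else:
            raise ValueError(f"unmodelled control flag: {flag}")
    return succeeded and not required_failed, consulted

if __name__ == "__main__":
    cases = [("root", "localpw"), ("alice", "ldappw"), ("alice", "wrong")]
    for user, pw in cases:
        for label, stack in (("ldap first", LDAP_FIRST), ("unix first", UNIX_FIRST)):
            print(user, label, authenticate(stack, user, pw))
```

In this model the accept/reject result is the same for either order; what changes is which backend is consulted first and whether the second one is consulted at all.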