On sam., 2013-07-20 at 11:29 +1000, Peter Chubb wrote: > >>>>> "Yves-Alexis" == Yves-Alexis Perez <cor...@debian.org> writes: > > > Yves-Alexis> Can you tell us what exactly is broken by this? As far as > Yves-Alexis> I know this pam file is only for the greeter, not for > Yves-Alexis> session run from them (they're handled by > Yves-Alexis> /etc/pam.d/lightdm which correctly includes the common > Yves-Alexis> debian files. > > People who authenticate only via ldap --- for whom pam_unix.so doesn't > work --- cannot log in, because username and password are not know to > pam_unix.so only to either pam_ldap.so or pam_sssd.so. I imagine > other authentication mechanisms will also fail. > > What's more if there's any other policy set in common-account or > common-session, it's not obeyed (e.g., time-of-use or group membership > restrictions)
I'm pretty puzzled by this. Can you exactly describe what happens, starting from when the greeter starts, and provide some logs? As I already wrote, my feeling was that /etc/pam.d/lightdm-greeter was *not* used for user authentication, so it should even matter in your case. Regads, -- Yves-Alexis
signature.asc
Description: This is a digitally signed message part
