iam very amazed, because i thought that with this ldap line its also necessary that 'account required pam_unix.so' must return 'ok' that the authorization part is successfull, but the ldap account is there not available. but thanks anyway it solved my requirements!
hi again,
i recognized that if the user is found via AUTH in ldap and authenticated there, that its not possible for ACCOUNT to jump from pam_ldap.so to pam_unix.so. i checked this as i used 'su' to switch to root but then i became the message:
---
You must be a uniqueMember of cn=klever,ou=hosts,dc=x,dc=x,dc=x to login.
su: Sorry
---
root does exist in ldap for AUTH but not for ACCOUNT, but root should be used locally via
pam_unix.so.
/etc/pam.d/system is configured like /etc/pam.d/sshd and so /etc/pam.d/su should be very likely the same as /etc/pam.d/sshd through the include in it.
maybe you have an answer to this too :)
thanks!
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
