Henry B. Hotz wrote:
> So in your case the ldap users (everyone?) *expect* to have to enter two
> passwords. I was assuming that the ldap and kerberos users were disjoint.
>
> I think it's the use_first_pass, rather than the binding that's killing
> you. If the optional doesn't turn off the warning then there's no pam
> workaround to the bug that I see. s/use_/try_/ on pam_ldap might fix
> the error, but you'd be getting two Kerberos failed warnings instead of
> just one. *bleah*
Please read the man pages for the modules we ship in Solaris. From
Solaris 9 onwards we started removing the silly {use,try}_first_pass
stuff. For Solaris 10 and onwards it is all gone from the modules that
we ship in Solaris.
You don't actually need them anyway since you can use the pam.conf
control flags, requisite, sufficient, binding to do what you need.
--
Darren J Moffat
