I think you hit the nail on the head, Del.
I thought PAM was all-encompassing and I thought NSS was just for mapping
UIDs for use in the filesystem mostly.
I'll post a one-liner once I've confirmed winbind does the job. In the
meantime I'll see what djb checkpassword + pam patch does to check user
accounts before starting PAM.

Luke


Del wrote:

> Luke McKee wrote:
>
> > When a user doesn't exist it doesn't read any conf files (in my case
> > /etc/pam.d/qmail-pop3) or load any pam modules.
> > I find that this is a bit strange.
> >
> > My /etc/pam.d/qmail-pop3 file looks like this:
> >
> > auth        required    /lib/security/pam_smb_auth.so debug nolocal
> > session     required    /lib/security/pam_permit.so
> > account     required    /lib/security/pam_permit.so
> > password    required    /lib/security/pam_permit.so
>
> qmail-pop3 probably doesn't like it if the user does not exist.  It
> is therefore probably forcing an NSS lookup for the user ID before it
> does a password check.
>
> Some older brain dead programs don't even do an NSS lookup, preferring
> to read /etc/passwd themselves, or do getpwent().  If you find one,
> shoot it.
>
> Have a look at what's in /etc/nsswitch.conf next to "passwd".
> You may find a "files" entry.  You may have to replace that
> with an entry for winbind.
>
> As I said earlier, PAM isn't your problem, NSS is.
>
> --
> Del


-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
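
An added example, not part of the original thread: a small Python check of the "passwd" line in nsswitch.conf, reporting whether a lookup for a user missing from local files would ever reach winbind, plus the getpwnam() lookup that can fail before PAM is started. The sample configuration text, the function names and the account name are assumptions made for illustration.

```python
import pwd
import re

# Constructed samples (not from the thread): the passwd line before and
# after adding winbind, plus one where an action item blocks it.
BEFORE = "passwd: files\ngroup: files\n"
AFTER = "passwd: files winbind   # winbind added\ngroup: files\n"
BLOCKED = "passwd: files [NOTFOUND=return] winbind\n"


def nss_sources(conf_text, database="passwd"):
    """Ordered services and [action] items configured for one database."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        name, sep, rest = line.partition(":")
        if sep and name.strip() == database:
            # Keep each bracketed action item together as a single token.
            return re.findall(r"\[[^\]]*\]|[^\s\[\]]+", rest)
    return []  # no line for this database in the text


def reaches(conf_text, service, database="passwd"):
    """True if a lookup for a user unknown to earlier services gets to `service`."""
    for token in nss_sources(conf_text, database):
        if token.startswith("["):
            # NOTFOUND=return (not negated with "!") stops the search here.
            if re.search(r"(?<!!)NOTFOUND\s*=\s*return", token, re.I):
                return False
        elif token == service:
            return True
    return False


def user_known_to_nss(name):
    """The getpwnam() lookup a daemon can make before it ever starts PAM."""
    try:
        pwd.getpwnam(name)
        return True
    except KeyError:
        return False


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER), ("blocked", BLOCKED)):
        print(label, nss_sources(text), "winbind reached:", reaches(text, "winbind"))
    # Hypothetical account name, used only to show the negative case.
    print("known to NSS:", user_known_to_nss("no-such-user-example"))
```

To check a live system, pass the contents of /etc/nsswitch.conf to `reaches()` and a real account name to `user_known_to_nss()`.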
