Ubuntu
nss-pam-ldapd package

  1. Bug #1314095
  2. Comment #7

Comment 7 for bug 1314095

Revision history for this message
Jan Groenewald (jan-aims) wrote :

Some reference (marked as WONTFIX)
https://bugzilla.redhat.com/show_bug.cgi?id=638279

Above might suggest a configuration that fixes this: check ldap first in common-auth, which currently does:

# here are the per-package modules (the "Primary" block)
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_ldap.so minimum_uid=1000 use_first_pass

That should not be a default (having ldap first) but could be a better workaround than setuid unix_chkpwd ?