© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
I've been having this problem also for some time now. I did some more testing with pam configuration and found out that there is something broken(?) in using combination of pam_unix and pam_ldap with auth and account management group types.
So this does NOT work (in file /etc/pam.d/vsftpd):
----------
account sufficient pam_unix.so
account sufficient pam_ldap.so
account required pam_permit.so
auth sufficient pam_unix.so
auth sufficient pam_ldap.so use_first_pass
auth required pam_permit.so
----------
BUT this DOES work (for both unix-only and ldap-only users, although now ldap has precedence of course):
---------
account sufficient pam_ldap.so
account sufficient pam_unix.so
account required pam_permit.so
auth sufficient pam_ldap.so
auth sufficient pam_unix.so use_first_pass
auth required pam_permit.so
---------
Additionally order of pam_unix and pam_ldap does not matter with session and password types.
Also if you use pam_unix ONLY in either of account OR auth before pam_ldap, then it also fails.
So something strange going on with pam_unix.so perhaps?