[OpenAFS] Openafs Client with pam krb5 and ldap

Russ Allbery rra@stanford.edu
Fri, 01 Oct 2010 10:02:23 -0700


Claudio Prono <claudio.prono@atpss.net> writes:

> /etc/pam.d/common-account

> account requisite       pam_unix2.so
> account required        pam_krb5.so     use_first_pass
> ignore_unknown_principals
> account sufficient      pam_localuser.so
> account required        pam_ldap.so     use_first_pass

I have no idea what pam_localuser does, but right now if it fails the
whole authentication fails.  Are you sure that's what you want?

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>