diff options
| -rw-r--r-- | meta-phosphor/recipes-extended/pam/libpam/pam.d/common-account | 3 | ||||
| -rw-r--r-- | meta-phosphor/recipes-extended/pam/libpam/pam.d/common-auth | 6 |
2 files changed, 6 insertions, 3 deletions
diff --git a/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-account b/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-account index 10cfc73ea..82449cad0 100644 --- a/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-account +++ b/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-account @@ -14,7 +14,8 @@ # # here are the per-package modules (the "Primary" block) -account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so +account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so +-account [success=1 new_authtok_reqd=done default=ignore] pam_ldap.so ignore_unknown_user ignore_authinfo_unavail # here's the fallback if no module succeeds account requisite pam_deny.so account required pam_tally2.so diff --git a/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-auth b/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-auth index 4ac58fb54..7bebd9a6a 100644 --- a/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-auth +++ b/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-auth @@ -8,8 +8,10 @@ # traditional Unix authentication mechanisms. # here are the per-package modules (the "Primary" block) -auth [success=ok default=1] pam_tally2.so deny=0 unlock_time=0 -auth [success=1 default=ignore] pam_unix.so nullok_secure +auth [success=ok default=2] pam_tally2.so deny=0 unlock_time=0 +# Try for local user first, and then try for ldap +auth [success=2 default=ignore] pam_unix.so nullok_secure +-auth [success=1 default=ignore] pam_ldap.so ignore_unknown_user ignore_authinfo_unavail # here's the fallback if no module succeeds auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; |