Author: jsuchome Date: Tue Aug 26 12:56:22 2008 New Revision: 50368 URL: http://svn.opensuse.org/viewcvs/yast?rev=50368&view=rev Log: applied patch from mc@suse.de to work correctly with Kerberos Modified: trunk/ldap-client/src/Ldap.ycp Modified: trunk/ldap-client/src/Ldap.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/src/Ldap.ycp?rev=50368&r1=50367&r2=50368&view=diff ============================================================================== --- trunk/ldap-client/src/Ldap.ycp (original) +++ trunk/ldap-client/src/Ldap.ycp Tue Aug 26 12:56:22 2008 @@ -2376,7 +2376,17 @@ if (!oes) { // pam settigs - Pam::Add ("ldap"); + if (Pam::Enabled("krb5")) + { + // If kerberos is used for authentication we configure + // pam_ldap in a way that we use only the account checking. + // Other configuration would mess up password changing + Pam::Add ("ldap-account_only"); + } + else + { + Pam::Add ("ldap"); + } // modify sources in /etc/nsswitch.conf Nsswitch::WriteDb ("passwd", ["compat"]); Nsswitch::WriteDb ("passwd_compat", (list<string>) @@ -2425,7 +2435,14 @@ Nsswitch::Write (); - Pam::Remove ("ldap"); + if (Pam::Enabled("ldap")) + { + Pam::Remove ("ldap"); + } + else if(Pam::Enabled("ldap-account_only")) + { + Pam::Remove ("ldap-account_only"); + } WriteLdapConfEntry ("tls_checkpeer", nil); } -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org