I know this has been beat to death, but I've exhausted all the resources Google affords me to no avail. I am running Winbind to authenticate against active directory in SLES9. ADS users can login normally. Locally defined users get double-prompted for password. This prevents anyone other than root from running YaST in KDE. /etc/pam.d/login: #%PAM-1.0 auth required pam_securetty.so auth required pam_nologin.so #auth required pam_homecheck.so auth required pam_env.so auth required pam_mail.so auth sufficient pam_unix2.so nullok auth required pam_winbind.so use_first_pass account sufficient pam_unix2.so account required pam_winbind.so password required pam_pwcheck.so nullok password required pam_unix2.so nullok use_first_pass use_authtok session required pam_mkhomedir.so skel=/etc/skel umask=0022 session required pam_unix2.so none # debug or trace session required pam_limits.so /etc/pam.d/xdm: #%PAM-1.0 auth sufficient pam_unix2.so nullok auth required pam_winbind.so use_first_pass account sufficient pam_unix2.so account required pam_winbind.so password required pam_pwcheck.so nullok password required pam_unix2.so nullok use_first_pass use_authtok session required pam_unix2.so debug # trace or none session required pam_devperm.so session required pam_resmgr.so Any ideas? -- Cameron Thorne