Mailinglist Archive: opensuse-security (145 mails)

< Previous Next >
Winbind PAM Double Password Prompts
  • From: Cameron Thorne <clt@xxxxxxxxxxx>
  • Date: Mon, 08 Nov 2004 08:08:27 -0600
  • Message-id: <418F7DDB.2080106@xxxxxxxxxxx>
I know this has been beat to death, but I've exhausted all the resources Google affords me to no avail.

I am running Winbind to authenticate against active directory in SLES9. ADS users can login normally. Locally defined users get double-prompted for password. This prevents anyone other than root from running YaST in KDE.

/etc/pam.d/login:
#%PAM-1.0
auth required pam_securetty.so
auth required pam_nologin.so
#auth required pam_homecheck.so
auth required pam_env.so
auth required pam_mail.so
auth sufficient pam_unix2.so nullok
auth required pam_winbind.so use_first_pass
account sufficient pam_unix2.so
account required pam_winbind.so
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_first_pass use_authtok
session required pam_mkhomedir.so skel=/etc/skel umask=0022
session required pam_unix2.so none # debug or trace
session required pam_limits.so

/etc/pam.d/xdm:
#%PAM-1.0
auth sufficient pam_unix2.so nullok
auth required pam_winbind.so use_first_pass
account sufficient pam_unix2.so
account required pam_winbind.so
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_first_pass use_authtok
session required pam_unix2.so debug # trace or none
session required pam_devperm.so
session required pam_resmgr.so

Any ideas?

-- Cameron Thorne

< Previous Next >
This Thread
  • No further messages