Re: [CentOS] pam changes - service restart reqd?

On Mon, 30 Aug 2010, Carlos S wrote:

Changed system-auth config to use LDAP.

The sshd config is configured to use PAM. I am not sure whether it load that file at daemon start or refers to it every time a login attempt with password is made.

When would it be requiring restart in general?

Make sure you restart nscd before trying anything else.

If * you're doing LDAP over SSL, * you've configured LDAP to verify peers against a CA certificate, * that cert was not in place when you did the system-auth changes, then sometimes a reboot seems the easiest way out.

I suspect that I haven't played enough with tricks like "telinit u" to figure out the real magic. All I know is that a mid-stream switch to LDAP/SSL doesn't always "take" easily.