Can someone explain the changes in the system PAM setup for Centos5 vs. earlier verions? I have servers configured to use SMB authentication against a Windows domain controller so I don't have to deal with separate passwords. That still works the same for users that actually have local accounts. However, on some machines I also build the mod_auth_pam module for apache and use an /etc/pam.d/httpd file like:
#%PAM-1.0 auth required pam_stack.so service=system-auth account required pam_permit.so
The 'account' line is supposed to let anyone in, even if they don't have any local account info so everyone with a domain login/password can access the password protected web pages.
On Centos5, apache authentication with mod_auth_pam still requires a local account. I think this entry in /etc/pam.d/system-auth may be the problem: auth requisite pam_succeed_if.so uid >= 500 quiet
Does that mean pam is going to fail if it can't find account info during the auth phase? How can I make apache use all the system-auth ways to check a password without necessarily needing a local account? (If someone does have a local account with a local password, I want that to work too).