[CentOS] Centos 5 pam system-auth changes?

Thu Sep 6 18:58:02 UTC 2007
Les Mikesell <lesmikesell at gmail.com>

Can someone explain the changes in the system PAM setup for Centos5 vs. 
earlier versions?   I have servers configured to use SMB authentication 
against a Windows domain controller so I don't have to deal with 
separate passwords.  That still works the same for users that actually 
have local accounts.  However, on some machines I also build the 
mod_auth_pam module for apache and use an /etc/pam.d/httpd file like:

auth       required     pam_stack.so service=system-auth
account    required     pam_permit.so

The 'account' line is supposed to let anyone in, even if they don't have 
any local account info so everyone with a domain login/password can 
access the password protected web pages.

On Centos5, apache authentication with mod_auth_pam still requires a 
local account.  I think this entry in /etc/pam.d/system-auth may be the 

auth        requisite     pam_succeed_if.so uid >= 500 quiet

Does that mean pam is going to fail if it can't find account info during 
the auth phase?   How can I make apache use all the system-auth ways to 
check a password without necessarily needing a local account?  (If 
someone does have a local account with a local password, I want that to 
work too).

   Les Mikesell
    lesmikesell at gmail.com
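
The stack evaluation the question turns on, as an added example that is not part of the original post: a simplified Python model of the PAM control flags `required`, `requisite` and `sufficient`, showing what a requisite `pam_succeed_if.so uid >= 500` check does to a user who has no passwd entry. The stack order, the `domain_auth` stand-in for the SMB module, and the sample users are constructed assumptions.

```python
# Simplified model of how PAM walks an "auth" stack (added illustration).
# All users, passwords and the stack order below are constructed samples.
LOCAL_PASSWD = {"alice": 501, "root": 0}              # users with a passwd entry
LOCAL_SECRETS = {"root": "rootpw"}                    # locally stored passwords
DOMAIN_SECRETS = {"alice": "dompw", "bob": "dompw"}   # domain controller accounts

def pam_env(user, pw):
    return True

def pam_unix(user, pw):
    return LOCAL_SECRETS.get(user) == pw

def succeed_if_uid_ge_500(user, pw):
    # pam_succeed_if needs the passwd entry to compare the uid;
    # a user with no entry cannot pass the test.
    uid = LOCAL_PASSWD.get(user)
    return uid is not None and uid >= 500

def domain_auth(user, pw):
    # Hypothetical stand-in for the SMB/domain password check.
    return DOMAIN_SECRETS.get(user) == pw

def pam_deny(user, pw):
    return False

# Assumed ordering: the requisite uid test sits before the domain module.
STACK = [
    ("required", pam_env),
    ("sufficient", pam_unix),
    ("requisite", succeed_if_uid_ge_500),
    ("sufficient", domain_auth),
    ("required", pam_deny),
]

def authenticate(stack, user, pw):
    """Return (granted, deciding_module) for one pass over the stack."""
    failed = False
    for control, module in stack:
        ok = module(user, pw)
        if control == "requisite" and not ok:
            return False, module.__name__      # stop at once, later modules never run
        if control == "required" and not ok:
            failed = True                      # remember the failure, keep going
        if control == "sufficient" and ok and not failed:
            return True, module.__name__       # success ends the stack early
    return (not failed), "end of stack"

if __name__ == "__main__":
    for user, pw in [("alice", "dompw"), ("bob", "dompw"), ("root", "rootpw")]:
        print(user, authenticate(STACK, user, pw))
```

In this model `bob`, who exists only in the domain, is rejected at the requisite line before the domain module is consulted, while the same stack without that line accepts him.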