on 4-15-2008 10:17 AM Jason Pyeron spake the following: > >> -----Original Message----- >> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On >> Behalf Of Ross S. W. Walker >> Sent: Tuesday, April 15, 2008 12:16 PM >> To: CentOS mailing list >> Subject: RE: [CentOS] nis and new users >> >> Well what you have will only cover console logins via the login >> process, not GUI xdm/gdm/kdm or ssh/telnet/ftp/rsh logins. >> >> Try this: >> >> /etc/pam.d/system-auth >> #%PAM-1.0 >> # This file is auto-generated. >> # User changes will be destroyed the next time authconfig is run. >> auth required pam_env.so >> auth optional pam_group.so >> auth sufficient pam_unix.so nullok try_first_pass >> auth requisite pam_succeed_if.so uid >= 500 quiet >> auth sufficient pam_krb5.so use_first_pass >> auth required pam_deny.so >> >> account required pam_unix.so broken_shadow >> account sufficient pam_localuser.so >> account sufficient pam_succeed_if.so uid < 500 quiet >> account [default=bad success=ok user_unknown=ignore] pam_krb5.so >> account required pam_permit.so >> >> password requisite pam_cracklib.so try_first_pass retry=3 >> password sufficient pam_unix.so md5 shadow nullok try_first_pass >> use_authtok >> password sufficient pam_krb5.so use_authtok >> password required pam_deny.so >> >> session optional pam_keyinit.so revoke >> session required pam_mkhomedir.so skel=/etc/skel umask=0077 >> silent >> session required pam_limits.so >> session [success=1 default=ignore] pam_succeed_if.so service in crond >> quiet use_uid >> session required pam_unix.so >> session optional pam_krb5.so >> > > Hmm, it worked for su -l but not ssh logins .... > > > Making progress. Do you have ssh set to use pam? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20080415/648095d3/attachment-0005.sig>