[CentOS] Auth pam ldap and fail2ban
mark
m.roth at 5-cent.usThu Feb 21 15:55:58 UTC 2019
- Previous message: [CentOS] Auth pam ldap and fail2ban
- Next message: [CentOS] Setting GDM resolution without knowing the monitor specs
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jimmy Morin wrote:
>
> Fail2ban is logging false positive with authentication using pam ldap.
>
> What happen is a user login using his ldap password cause pam_unix to
> fail then pam_ldap log the user in.
>
> sshd filter for fail2ban read /var/log/secure see the pam_unix error,
> flag it even if the next line in the log says the login is successful.
>
> CentOS 7 with fail2ban 0.9.7 from EPEL.
>
> Any idea how to fix this?
My first thought would be to redo pam system-auth for login such that
pam_ldap *precedes* pam_unix.
Question: is pam_unix sufficient, or required?
mark
- Previous message: [CentOS] Auth pam ldap and fail2ban
- Next message: [CentOS] Setting GDM resolution without knowing the monitor specs
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list