yuipr
关于pam.d认证管理
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is
# run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_krb5.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient /lib/security/$ISA/pam_krb5.so
account required /lib/security/$ISA/pam_permit.so
password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok shadow
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_krb5.so
这是我本地的/etc/pam.d/system-auth,我现在用kerberos去进行网络,同进本地用户也能登录,但现在的问题是只要网络或kerberos服务器downs掉了,本地用户也就登录不了了,这是怎么回事呢?能不能解决
yuipr
[quote]原帖由 [i]vermouth[/i] 于 2008-6-11 14:53 发表 [url=http://linux.chinaunix.net/bbs/redirect.php?goto=findpost&pid=6610573&ptid=1010188][img]http://linux.chinaunix.net/bbs/images/common/back.gif[/img][/url]
看看 /etc/nsswitch.conf 有没有修改过,里面默认是 files
你指的登陆不了又是怎么回事呢? [/quote]
etc/nsswitch.conf 这里确实改了,加了个ldap.不能登录就是:输入用户名(本的root用户),密码后光标就停在那儿不动了,差不多一分钟后,又返回到输入用户名那项.
passwd: files ldap
shadow: files ldap
group: files ldap