2 # /etc/pam.d/common-account - authorization settings common to all services
4 # This file is included from other service-specific PAM config files.
6 # pam_unix does general checks based on NSS info, so it also works for both
7 # local and ldap users.
8 account required pam_unix.so
10 # pam_ldap does additional checks (in particular checking the host ldap
11 # attribute). Passing minimum_uid makes it work only for non-local users
12 # (checking this based on the uid is not really elegant, but there is no
13 # perfect way to do this anyway). We pass ignore_unknown_user to make the
14 # module return 'ignore' instead of 'user_unknown' for local users, which gets
15 # handled by 'required' properly (without having to specify a verbose custom
17 account required pam_ldap.so ignore_unknown_user minimum_uid=2000