3 # We have a common auth and account section, since we don't need to check the
4 # "host" attribute, but the "mailHost" attribute. It would be sufficient to
5 # use a custom account section, but pam_ldap only loads its config once, so we
6 # can't use a different config for just the accoun section.
8 # These are just taken from common-{auth,account}, but with the config=
10 auth required pam_ldap.so config=/etc/pam_ldap_dovecot.conf
12 # pam_unix does general checks based on NSS info, so it also works for ldap
14 account required pam_unix.so
16 # pam_ldap does additional checks (in particular checking the host ldap
17 # attribute) but needs to be ignored when it does not know about a user.
18 # We point the module to an alternative configuration file.
19 account [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=ignore default=bad] \
20 pam_ldap.so config=/etc/pam_ldap_dovecot.conf
22 @include common-session