pam: Only use LDAP for auth and account, remove unix authentication.

diff --git a/etc/pam.d/common-account b/etc/pam.d/common-account
index 141d2c2efb683e57b219c132d075534e43c0f517..963b69665b81883d80b384d4ab534d673ee3bec4 100644 (file)
--- a/etc/pam.d/common-account
+++ b/etc/pam.d/common-account
@@ -10,5 +10,4 @@
 #account       required        pam_unix.so
 #
 # LDAP config based on from http://wiki.debian.org/LDAP/PAM
-account         sufficient      pam_ldap.so
-account         required        pam_unix.so
+account         required        pam_ldap.so

diff --git a/etc/pam.d/common-auth b/etc/pam.d/common-auth
index f7bce516164e4e06f124f47bf2c46dbeb9669d01..48ce0f169a87c70c37e7fef59cf91aa5120bbf87 100644 (file)
--- a/etc/pam.d/common-auth
+++ b/etc/pam.d/common-auth
@@ -12,6 +12,4 @@
 # auth required        pam_unix.so nullok_secure
 #
 # LDAP config based on from http://wiki.debian.org/LDAP/PAM
-auth    sufficient      pam_unix.so nullok_secure
-auth    sufficient      pam_ldap.so use_first_pass
-auth    required        pam_deny.so
+auth    required        pam_ldap.so

diff --git a/etc/pam.d/common-session b/etc/pam.d/common-session
index baffea8da9e3b6039b9d1dc4e071fd62d3232a84..840e35f24fbab3615b02410aaf6734de62dffe4b 100644 (file)
--- a/etc/pam.d/common-session
+++ b/etc/pam.d/common-session
@@ -13,6 +13,6 @@
 # LDAP config based on from http://wiki.debian.org/LDAP/PAM
 session     required      pam_limits.so
 session     required      pam_unix.so
-session     optional      pam_ldap.so
+session     required      pam_ldap.so
 
 session     required      pam_mkhomedir.so skel=/etc/skel umask=0022