pam: Fix pam configuration for cron.

author Matthijs Kooijman <matthijs@stdin.nl>

Tue, 30 Dec 2008 15:50:45 +0000 (16:50 +0100)

committer Matthijs Kooijman <matthijs@stdin.nl>

Tue, 30 Dec 2008 15:50:45 +0000 (16:50 +0100)
author Matthijs Kooijman <matthijs@stdin.nl>
Tue, 30 Dec 2008 15:50:45 +0000 (16:50 +0100)
committer Matthijs Kooijman <matthijs@stdin.nl>
Tue, 30 Dec 2008 15:50:45 +0000 (16:50 +0100)
diff --git a/etc/pam.d/cron b/etc/pam.d/cron

index 2a58ec2e9bbdbf16cd0a01ca88bb5fe7b3f21bc9..938d30f297dc0ef8cfb5651bb6385a9ce9f345cd 100644 (file)
--- a/etc/pam.d/cron
+++ b/etc/pam.d/cron
@@ -2,12 +2,18 @@
  # The PAM configuration file for the cron daemon
  #
  
-@include common-auth
-auth       required   pam_env.so
-@include common-account
-@include common-session
+auth          sufficient          pam_unix.so
+@include      common-auth
+
+# This is required instead of sufficient, since pam_unix mostly does checks
+# based on NSS, so this will also work for ldap users.
+account       required          pam_unix.so
+# We use a custom control spec so we won't fail on user_unknown special
+account       [success=ok new_authtok_reqd=ok user_unknown=ignore ignore=ignore default=bad] pam_ldap.so
+
+
+@include      common-session
+
  # Sets up user limits, please define limits for cron tasks
  # through /etc/security/limits.conf
  session    required   pam_limits.so
-
-
author	Matthijs Kooijman <matthijs@stdin.nl>
	Tue, 30 Dec 2008 15:50:45 +0000 (16:50 +0100)
committer	Matthijs Kooijman <matthijs@stdin.nl>
	Tue, 30 Dec 2008 15:50:45 +0000 (16:50 +0100)