From 74bb11bba73d6b940e1d698794c365ca09a1d359 Mon Sep 17 00:00:00 2001 From: Matthijs Kooijman Date: Tue, 30 Dec 2008 16:50:45 +0100 Subject: [PATCH] pam: Fix pam configuration for cron. This allows non-ldap users (say, root) to use cron. --- etc/pam.d/cron | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/etc/pam.d/cron b/etc/pam.d/cron index 2a58ec2..938d30f 100644 --- a/etc/pam.d/cron +++ b/etc/pam.d/cron @@ -2,12 +2,18 @@ # The PAM configuration file for the cron daemon # -@include common-auth -auth required pam_env.so -@include common-account -@include common-session +auth sufficient pam_unix.so +@include common-auth + +# This is required instead of sufficient, since pam_unix mostly does checks +# based on NSS, so this will also work for ldap users. +account required pam_unix.so +# We use a custom control spec so we won't fail on user_unknown special +account [success=ok new_authtok_reqd=ok user_unknown=ignore ignore=ignore default=bad] pam_ldap.so + + +@include common-session + # Sets up user limits, please define limits for cron tasks # through /etc/security/limits.conf session required pam_limits.so - - -- 2.30.2