pam: Use LDAP for authentication.

[matthijs/servers/drsnuggles.git] / etc / pam.d / common-password

diff --git a/etc/pam.d/common-password b/etc/pam.d/common-password
index 45959eb5afda0d96870e67e9844aff00eed9b2b7..513712b467749b294b8db8a83b1424edc63e83f7 100644 (file)
--- a/etc/pam.d/common-password
+++ b/etc/pam.d/common-password
@@ -21,7 +21,14 @@
 #
 # See the pam_unix manpage for other options.
 
-password   required   pam_unix.so nullok obscure md5
+# Default was:
+# password   required   pam_unix.so nullok obscure md5
+# 
+# LDAP config copied from http://wiki.debian.org/LDAP/PAM, but with use_authtok
+# options removed.
+password    sufficient    pam_unix.so md5 obscure min=4 max=8 nullok try_first_pass
+password    sufficient    pam_ldap.so
+password    required      pam_deny.so
 
 # Alternate strength checking for password. Note that this
 # requires the libpam-cracklib package to be installed.