pam: Fix pam configuration for cron.

[matthijs/servers/drsnuggles.git] / etc / pam.d / cron

diff --git a/etc/pam.d/cron b/etc/pam.d/cron
index 2a58ec2e9bbdbf16cd0a01ca88bb5fe7b3f21bc9..938d30f297dc0ef8cfb5651bb6385a9ce9f345cd 100644 (file)
--- a/etc/pam.d/cron
+++ b/etc/pam.d/cron
@@ -2,12 +2,18 @@
 # The PAM configuration file for the cron daemon
 #
 
-@include common-auth
-auth       required   pam_env.so
-@include common-account
-@include common-session
+auth          sufficient          pam_unix.so
+@include      common-auth
+
+# This is required instead of sufficient, since pam_unix mostly does checks
+# based on NSS, so this will also work for ldap users.
+account       required          pam_unix.so
+# We use a custom control spec so we won't fail on user_unknown special
+account       [success=ok new_authtok_reqd=ok user_unknown=ignore ignore=ignore default=bad] pam_ldap.so
+
+
+@include      common-session
+
 # Sets up user limits, please define limits for cron tasks
 # through /etc/security/limits.conf
 session    required   pam_limits.so
-
-