From 74bb11bba73d6b940e1d698794c365ca09a1d359 Mon Sep 17 00:00:00 2001
From: Matthijs Kooijman <matthijs@stdin.nl>
Date: Tue, 30 Dec 2008 16:50:45 +0100
Subject: [PATCH] pam: Fix pam configuration for cron.

This allows non-ldap users (say, root) to use cron.
---
 etc/pam.d/cron | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/etc/pam.d/cron b/etc/pam.d/cron
index 2a58ec2..938d30f 100644
--- a/etc/pam.d/cron
+++ b/etc/pam.d/cron
@@ -2,12 +2,18 @@
 # The PAM configuration file for the cron daemon
 #
 
-@include common-auth
-auth       required   pam_env.so
-@include common-account
-@include common-session
+auth          sufficient          pam_unix.so
+@include      common-auth
+
+# This is required instead of sufficient, since pam_unix mostly does checks
+# based on NSS, so this will also work for ldap users.
+account       required          pam_unix.so
+# We use a custom control spec so we won't fail on user_unknown special
+account       [success=ok new_authtok_reqd=ok user_unknown=ignore ignore=ignore default=bad] pam_ldap.so
+
+
+@include      common-session
+
 # Sets up user limits, please define limits for cron tasks
 # through /etc/security/limits.conf
 session    required   pam_limits.so
-
-
-- 
2.30.2