PAM configuration with remote authentication

Support for security such as firewalls and securing Linux
Rensenbrink
Posts: 5
Joined: 2017/12/04 22:36:38

Post by Rensenbrink » 2017/12/04 22:45:33

I have configured my CentOS 7 system so that users accessing this system are authenticated by a remote LDAP server. When the LDAP server is not reachable, I would like for users to be authenticated with the password locally defined for them. I got this going by using the following two lines in the relevant file in /etc/pam.d:

auth sufficient pam_ldap.so
auth substack password

This gets the job done, but it has a drawback: if the password supplied does not match the one in the LDAP server then local authentication is attempted. I would like for local authentication to be attempted only when the LDAP server cannot be contacted for whatever reason. If it can, but the password supplied is incorrect, local authentication should not be attempted.

Can PAM do this?

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria

Re: PAM configuration with remote authentication

Post by hunter86_bg » 2017/12/06 19:54:26

Are you sure that sssd can't do caching for you?
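
Added example, not part of either post: a simplified Python model of how Linux-PAM evaluates the two-line auth stack from the first post, next to a variant that uses PAM's bracket control syntax to fall through only when the LDAP module reports that it could not reach its server. Assumptions: pam_unix.so stands in for the local substack, and pam_ldap.so is taken to return PAM_AUTHINFO_UNAVAIL when the server is unreachable, which should be verified for the LDAP module actually installed.

```python
# Simplified model of Linux-PAM control evaluation (added example, not PAM's own code).
SUCCESS, AUTH_ERR, AUTHINFO_UNAVAIL = "success", "auth_err", "authinfo_unavail"

# Keyword controls written in their bracket form, as documented in pam.conf(5).
KEYWORDS = {
    "sufficient": {"success": "done", "default": "ignore"},
    "required": {"success": "ok", "default": "bad"},
}

def parse_control(control):
    """Turn 'sufficient' or '[success=done default=die]' into an action map."""
    if control.startswith("["):
        return dict(pair.split("=") for pair in control.strip("[]").split())
    return KEYWORDS[control]

def run_stack(stack, results):
    """Evaluate (control, module) lines; results maps module -> return code.
    Returns (access granted, modules that were actually called)."""
    state, called = None, []
    for control, module in stack:
        called.append(module)
        rules = parse_control(control)
        action = rules.get(results[module], rules["default"])
        if action == "die":            # fail now, skip the rest of the stack
            return False, called
        if action == "bad":            # remember the failure, keep going
            state = False
        elif action in ("ok", "done"):
            if state is None:          # success never overrides an earlier failure
                state = True
            if action == "done":       # stop here with the current state
                return state, called
        # "ignore": this module's result does not affect the outcome
    return bool(state), called

# Stack from the first post; pam_unix.so stands in for the local substack (assumption).
ORIGINAL = [("sufficient", "pam_ldap.so"), ("required", "pam_unix.so")]
# Variant: a wrong LDAP password ends the stack; only "server unavailable" falls through.
STRICT = [("[success=done authinfo_unavail=ignore default=die]", "pam_ldap.so"),
          ("required", "pam_unix.so")]

# Constructed scenarios: the supplied password matches the local one in both.
LDAP_REJECTS = {"pam_ldap.so": AUTH_ERR, "pam_unix.so": SUCCESS}
LDAP_DOWN = {"pam_ldap.so": AUTHINFO_UNAVAIL, "pam_unix.so": SUCCESS}

if __name__ == "__main__":
    for name, stack in (("original", ORIGINAL), ("strict", STRICT)):
        print(name, "LDAP rejects:", run_stack(stack, LDAP_REJECTS))
        print(name, "LDAP down:   ", run_stack(stack, LDAP_DOWN))
```

With the original stack, a password that LDAP rejects is still tried against the local account; with the bracket control, the local module is reached only in the LDAP-down scenario.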
