I have configured my Centos 7 system so that users accessing this system are authenticated by a remote LDAP server. When the LDAP server is not reachable, I would like for users to be authenticated with the password locally defined for them. I got this going by using the following two lines in the relevant file in /etc/pam.d:
auth sufficient pam_ldap.so
auth substack password
This gets the job done, but it has a drawback: if the password supplied does not match the one in the LDAP server then local authentication is attempted. I would like for local authentication to be attempted only when the LDAP server cannot contacted for whatever reason. If it can, but the password supplied is incorrect, local authentication should not be attempted.
Can PAM do this?
PAM configuration with remote authentication
-
- Posts: 2019
- Joined: 2015/02/17 15:14:33
- Location: Bulgaria
- Contact:
Re: PAM configuration with remote authentication
Are you sure that sssd can't do caching for you ?