[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: email@example.com
- Subject: Re: LDAP+Kerberos
- From: Brian May <firstname.lastname@example.org>
- Date: 06 Dec 2000 18:05:12 +1100
- In-Reply-To: Nicolas Williams's message of "Tue, 28 Nov 2000 11:43:14 -0500"
- References: <3A14F323.email@example.com><20001117094258.Q13223@sm2p1386swk.wdr.com><firstname.lastname@example.org><20001120103732.B13223@sm2p1386swk.wdr.com><email@example.com><20001128114312.Z22005@sm2p1386swk.wdr.com>
- Sender: firstname.lastname@example.org
- User-Agent: Gnus/5.0807 (Gnus v5.8.7) XEmacs/21.1 (Capitol Reef)
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@ubsw.com> writes:
Nicolas> No. NSS does that and is not related to PAM in any direct
Nicolas> way (except that PAM modules use getpwnam() and
Nicolas> getspnam() which would be implemented by NSS, if you have
Nicolas> NSS -- see nsswitch.conf(5)).
Nicolas> The 'account' service is for authorization, as in wether
Nicolas> the user is allowed to login to the application in
Nicolas> question. It's also used to indicate to the application
Nicolas> such things as wether the user's password has expired and
Nicolas> so must be changed.
Oh.. yeah... of course... I knew that ;-)
Nicolas> All of them do. The use_first_password argument tells the
Nicolas> given module to use the first password the user typed in
Nicolas> and prompt for no other passwords, even if the first
Nicolas> password was incorrect.
Nicolas> As opposed to try_first_password which tells the given
Nicolas> module to try the first password typed in by the user and
Nicolas> that, if that password is incorrect, then the module is
Nicolas> free to prompt for additional passwords.
Nicolas> The absence of either argument allows modules to prompt
Nicolas> for passwords without testing the first password typed in
Nicolas> by the user.
Wow! I often thought this was... errr... questionable prompting for
the password multiple times. However, I never realized that this
behaviour could be changed.
Thanks for the tip.
To add to my "remember this" list:
Brian May <email@example.com>