On Sat, 2010-11-20 at 17:26 +0100, Vincent Danjean wrote:
> I set up several machines with libpam-ldapd. I observed that, if I give the
> wrong password the first time it is asked (for ssh connection, sudo, ...)
> then I cannot log in even if I give the correct password at the second (and
> third) try.

I'm unable to reproduce this at this time. Can you include nslcd debugging
output (/etc/init.d/nslcd stop;nscd -d) while running the command? You could
also add the debug statement to the pam_ldap PAM module to give more
debugging info.

> Looking into the logs, it seems I'm refused due to the account pam
> stack (not the auth pam stack) when I give the good password.

An LDAP server typically returns authentication result together with
authorisation results (result of a single bind). The authorisation result is
only evaluated on the account call. It could be that some information is
held on for some reason.

Thanks for your bug report.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --