I've figured this out on AIX. If anyone googles this later: in /etc/security/user
the default: stanza needs to have: system = "compat or KRB5ALXAP or LDAP" instead of: SYSTEM = "KRB5ALXAP or LDAP or compat" It could probably be done other ways (using PAM,) but this was easiest for now. On Tue, Aug 7, 2012 at 10:02 AM, KodaK <[email protected]> wrote: > I have an unusual situation. Our DBAs want different passwords for > the oracle account > on production and development machines. I'm using local > authentication for oracle > on all the boxes, but they're also not allowed to log in directly as > oracle, only su, but > su always wants to go to ldap first. > > Does anyone know what I need to do to get su to look at local auth > first, then go to > ldap? > > Another consideration is that this is AIX. I'm pretty sure if given a > Linux solution to > this I could adapt (AIX *can* use PAM, it just doesn't by default.) > > -- > The government is going to read our mail anyway, might as well make it > tough for them. GPG Public key ID: B6A1A7C6 -- The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6 _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
