Subject: Re: pam+ldap
To: Christos Zoulas <christos@zoulas.com>
From: Thierry Lacoste <th.lacoste@wanadoo.fr>
List: netbsd-help
Date: 05/29/2005 23:03:13
On Sunday 29 May 2005 22:17, Christos Zoulas wrote:
> On May 29, 9:08pm, th.lacoste@wanadoo.fr (Thierry Lacoste) wrote:
> -- Subject: Re: pam+ldap
>
> | Er ... I don't understand. I am root when I do 'su - guest'.
> | The target of the su doesn't have to be in the wheel group ...
> | ... correct?
>
> That is correct. Wheel only matters when you try to go to root. I would
> try a single line pam.conf file with only the ldap module.
>
> christos
With my previous /etc/pam.d/su, toto being a user on my client
and guest being a user on my ldap server, I've just noticed that
'su toto' works after generating ldap traffic on my network interface
while 'su guest' fails immediately.
Following your suggestion I edited my /etc/pam.d/su to read

    auth sufficient /usr/pkg/lib/security/pam_ldap.so
    account sufficient /usr/pkg/lib/security/pam_ldap.so

Now I have:

    $ su - toto
    su: pam_start failed
    $ su - guest
    su: unknown login guest

I don't understand those different behaviors?
I'm also confused because Quentin says it's a dead end
while you seem to think it should work.
Or did I misinterpret you?
Regards,
Thierry.