[tech] Mussel auth down?

David Adam zanchey at ucc.gu.uwa.edu.au
Thu Aug 2 17:34:09 WST 2007


On Thu, 2 Aug 2007, Adrian Woodley wrote:
> David Adam wrote:
> > On Wed, 1 Aug 2007, David Adam wrote:
> >> - putting Unix authentication before LDAP in PAM, even if just for Mussel
> >
> > I've done this on Mussel (edited common-auth and common-account, left
> > common-password as-is), so root should be able to get in if LDAP dies
> > again.
>
> Would something like:
>
> passwd: files ldap [UNAVAIL=return]
> group:  files ldap [UNAVAIL=return]
>
> or
>
> passwd: files ldap [NOTFOUND=return]
> group:  files ldap [NOTFOUND=return]
>
> in /etc/nsswitch.conf be appropriate? Not sure which is applicable though.

We have that already, and it's not the problem. Login uses PAM, rather
than nsswitch, which only gets used for looking up UIDs etc. Not having
files first can bite you if you do an 'ls /home' with LDAP or NIS down -
I've had that before, but what was actually stopping login was LDAP being
first in PAM's order.

[DAA]
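
The ordering point made in the message above, as an added example that is not part of the original post or of UCC's configuration: a small checker that parses a PAM stack and reports whether `pam_unix.so` is listed ahead of `pam_ldap.so`. The two stacks are constructed samples in Debian common-auth style, not Mussel's actual files, and `parse_stack` and `local_before_ldap` are hypothetical helper names; the check looks at ordering only, not at how each control flag behaves when LDAP is unreachable.

```python
import re

# Constructed sample stacks in Debian common-auth style (not taken from Mussel).
LDAP_FIRST = """\
# /etc/pam.d/common-auth (constructed)
auth  sufficient  pam_ldap.so
auth  required    pam_unix.so nullok_secure use_first_pass
"""
UNIX_FIRST = """\
# /etc/pam.d/common-auth (constructed)
auth  [success=2 default=ignore]  pam_unix.so nullok_secure
auth  [success=1 default=ignore]  pam_ldap.so use_first_pass
auth  requisite                   pam_deny.so
auth  required                    pam_permit.so
"""

# Fields: type, control (single word or [bracketed list]), module, arguments.
LINE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_stack(text, mgmt_type):
    """Return [(control, module, args)] for one management type, in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line or line.startswith("@include"):
            continue
        m = LINE.match(line)
        if m and m.group(1).lstrip("-") == mgmt_type:
            module = m.group(3).rsplit("/", 1)[-1]  # tolerate absolute paths
            entries.append((m.group(2), module, m.group(4).split()))
    return entries

def local_before_ldap(text, mgmt_type="auth"):
    """True if pam_unix.so is listed ahead of pam_ldap.so (or LDAP is absent)."""
    modules = [module for _, module, _ in parse_stack(text, mgmt_type)]
    if "pam_unix.so" not in modules:
        return False                              # no local fallback at all
    if "pam_ldap.so" not in modules:
        return True
    return modules.index("pam_unix.so") < modules.index("pam_ldap.so")

if __name__ == "__main__":
    for name, stack in (("ldap-first", LDAP_FIRST), ("unix-first", UNIX_FIRST)):
        print(name, "local first:", local_before_ldap(stack))
```

Run it against both `common-auth` and `common-account`, passing `"account"` as the type for the latter, since both files were edited in the change described in the thread.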

