On 17/06/2010, at 10:52 PM, Aaron Richton wrote:
I'm totally confused. If you're not "concerned about it right now" why is it your original question, as well as causing "me more" concern in the next sentence?
My hint remains that the check you want to enforce without option has been configured as optional. Read the whole pam.conf(5) man page, then reread the section regarding alternatives to "optional," and determine what you need to configure to enforce the behavior you want.
Yes, you are completely correct. I have added this line to sshd and it works. Thank you for putting me in the right direction, even if it took some prodding to get me there!
account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user