--- wikisrc/tutorials/openldap_authentication_on_netbsd.mdwn 2014/05/31 17:49:28 1.3 +++ wikisrc/tutorials/openldap_authentication_on_netbsd.mdwn 2014/06/04 20:56:19 1.4 @@ -300,7 +300,7 @@ On my system I have the following change ## /etc/pam.d/system - # $NetBSD: openldap_authentication_on_netbsd.mdwn,v 1.2 2012/02/05 07:14:36 schmonz Exp $ + # $NetBSD: openldap_authentication_on_netbsd.mdwn,v 1.3 2014/05/31 17:49:28 tron Exp $ # # System-wide defaults # @@ -335,6 +335,27 @@ The original message describing the prob +## /etc/pam.d/system + + # + # PAM configuration for the "sudo" service + # + + # auth + auth sufficient pam_ldap.so no_warn try_first_pass + auth required pam_unix.so no_warn try_first_pass nullok use_uid + + # account + account required pam_login_access.so + account include system + + # session + session required pam_permit.so + +This file is only required if you want to use the "sudo" package from "pkgsrc". +You will have to compile this package manually with "PKG_OPTIONS.sudo" set to +"pam" because it doesn't support PAM by default. + # Securing your system As far as the document goes now, this setup is unprotected in that anyone listening in to the packets travelling trough your network would be able to find the unencrypted messages of your ldap users. Not a happy thought.
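Review bot: In the first hunk (@@ -300,7 +300,7), the only change is the `$NetBSD: ... $` comment inside the /etc/pam.d/system example, and the id it carries is the wiki page's own (openldap_authentication_on_netbsd.mdwn, 1.2 by schmonz becoming 1.3 by tron), not the id of the PAM file being shown. The keyword looks like it is being re-expanded on each commit of the page, which gives readers a misleading header for the example and adds a content-free hunk to every revision. Suggest writing the keyword in a form that is not expanded, or dropping that comment line from the example.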
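Review bot: The heading added at the start of the second hunk (@@ -335,6 +335,27) reads "## /etc/pam.d/system", but the listing under it is labelled `PAM configuration for the "sudo" service` and the closing paragraph is about the sudo package, so the heading should presumably name the sudo service file; as written it duplicates the existing /etc/pam.d/system heading seen in the first hunk. Two smaller points on the same hunk: the `auth required pam_unix.so no_warn try_first_pass nullok use_uid` line keeps `nullok`, which lets accounts with an empty password authenticate, and for a service that grants privilege the text should either drop it or say why it is kept; and the sentence "This file is only required if you want to use the "sudo" package" would serve readers better above the listing than below it.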