diff -ruN pre-ldap-backup/common-account ./common-account
--- pre-ldap-backup/common-account      2005-02-16 05:26:33.000000000 -0500
+++ ./common-account    2005-02-16 05:26:48.000000000 -0500
@@ -6,4 +6,5 @@
 # the central access policy for use on the system.  The default is to
 # only deny service to users whose accounts are expired in /etc/shadow.
 #
+account sufficient      pam_ldap.so
 account        required        pam_unix.so
diff -ruN pre-ldap-backup/common-auth ./common-auth
--- pre-ldap-backup/common-auth 2005-02-16 05:26:33.000000000 -0500
+++ ./common-auth       2005-02-16 05:26:49.000000000 -0500
@@ -7,4 +7,5 @@
 # (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
 # traditional Unix authentication mechanisms.
 #
-auth   required        pam_unix.so nullok_secure
+auth    sufficient      pam_ldap.so
+auth   required        pam_unix.so nullok_secure try_first_pass
diff -ruN pre-ldap-backup/common-password ./common-password
--- pre-ldap-backup/common-password     2005-02-16 05:26:33.000000000 -0500
+++ ./common-password   2005-02-16 05:26:49.000000000 -0500
@@ -14,7 +14,8 @@
 # login.defs. Also the "min" and "max" options enforce the length of the
 # new password.

-password   required   pam_unix.so nullok obscure min=4 max=8 md5
+password   sufficient pam_ldap.so md5
+password   required   pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass

 # Alternate strength checking for password. Note that this
 # requires the libpam-cracklib package to be installed.
diff -ruN pre-ldap-backup/common-session ./common-session
--- pre-ldap-backup/common-session      2005-02-16 05:26:33.000000000 -0500
+++ ./common-session    2005-02-16 05:26:50.000000000 -0500
@@ -6,4 +6,5 @@
 # at the start and end of sessions of *any* kind (both interactive and
 # non-interactive).  The default is pam_unix.
 #
+session sufficient      pam_ldap.so
 session        required        pam_unix.so