[FC2] pam_ldap and root user

IEM - Network Operation Center noc at iem.at
Tue Jun 1 17:02:37 UTC 2004


damiano.albani at univ-lr.fr wrote:
> Quoting Lionel LENOBLE <lenoble at cip.dauphine.fr>:
>
> And are you sure that *no* LDAP requests are sent on the network when you log in
> as root ? (by sniffing with Ethereal for example)

i also believe that this is a bit blue-eyed.
if you have set up both pam and nss to use ldap (which i have, because i 
want my users not only to be able to authorize but also to keep their 
permissions when working with files - eg "ls -l" should work) then 
pam_unix will send ldap-requests (because of nss);

i can completely remove all traces of pam_ldap in my pam.d-config and 
still authenticate against ldap;
in fact, i only really need pam_ldap to change passwords.
this means, that as long as nss/pam_unix is so full-featured 
("eierlegende wollmilchsau" as we say in german) it is somehow 
contradictory to the pam-idea.

either this solution is really "stupid" or i have missed some important 
point


mfg.a.sdr
IOhannes

-- 
IEM - network operation center
mailto:noc at iem.at
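
The situation described in the message above, as an added example that is not part of the original post: a small audit that reads an `nsswitch.conf` and a PAM stack and reports when `pam_unix` authentication can still reach LDAP through NSS although no `pam_ldap` line is present. The sample configs and function names are constructed for illustration, and the check assumes the directory returns password hashes to NSS lookups.

```python
import re

# Constructed sample configs (assumptions, not from the original message).
NSSWITCH = """\
# /etc/nsswitch.conf
passwd:  files ldap
shadow:  files ldap
group:   files ldap
hosts:   files dns
"""

PAM_STACK = """\
# /etc/pam.d/system-auth with every pam_ldap line removed
auth     required   pam_env.so
auth     sufficient pam_unix.so nullok
auth     required   pam_deny.so
account  required   pam_unix.so
password sufficient pam_unix.so md5 shadow
session  required   pam_unix.so
"""

def nss_sources(text):
    """Map each NSS database to its ordered list of sources."""
    dbs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        # Drop action items such as [NOTFOUND=return]; keep service names.
        dbs[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return dbs

def pam_modules(text):
    """Return the set of (type, module) pairs in a PAM stack."""
    mods = set()
    for line in text.splitlines():
        fields = re.sub(r"\[[^\]]*\]", "ctl", line.split("#", 1)[0]).split()
        if len(fields) >= 3:
            mods.add((fields[0].lstrip("-"), fields[2].rsplit("/", 1)[-1]))
    return mods

def ldap_reachable_via_pam_unix(nss_text, pam_text):
    """Return (flag, dbs): flag is True when pam_unix auth can hit LDAP without pam_ldap."""
    nss, pam = nss_sources(nss_text), pam_modules(pam_text)
    uses_unix = ("auth", "pam_unix.so") in pam
    has_pam_ldap = any(m == "pam_ldap.so" for _, m in pam)
    ldap_dbs = [d for d in ("passwd", "shadow") if "ldap" in nss.get(d, [])]
    return uses_unix and not has_pam_ldap and bool(ldap_dbs), ldap_dbs
```

A `True` result means the login path depends on the LDAP server even though the PAM configuration alone suggests it does not, which is what a packet capture during a login would confirm.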




