[FC2] pam_ldap and root user
damiano.albani at univ-lr.fr
damiano.albani at univ-lr.fr
Tue Jun 1 20:35:43 UTC 2004
Quoting IEM - Network Operation Center <noc at iem.at>:
>
> i also believe that this is a bit blue-eyed.
> if you have set up both pam and nss to use ldap (which i have, because i
> want my users not only to be able to authorize but also to keep their
> permissions when working with files - eg "ls -l" should work) then
> pam_unix will send ldap-requests (because of nss);
>
> i can completely remove all traces of pam_ldap in my pam.d-config and
> still authenticate against ldap;
> in fact, i only really need pam_ldap to change passwords.
> this means, that as long as nss/pam_unix is so full-featured
> ("eierlegende wollmilchsau" as we say in german) it is somehow
> contradictory to the pam-idea.
>
> either this solution is really "stupid" or i have missed some important
> point
>
>
> mfg.a.sdr
> IOhannes
>
> --
> IEM - network operation center
> mailto:noc at iem.at
You're totally right, it's NSS', not PAM's fault if there are LDAP requests when
I login as root.
Apparently, there seems to be no solution -- that's a bit of a shame to use the
network where it's not required :(
Thanks anyway.
--
Damiano ALBANI
More information about the Pam-list
mailing list