[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [FC2] pam_ldap and root user



damiano albani univ-lr fr wrote:
Quoting Lionel LENOBLE <lenoble cip dauphine fr>:

And are you sure that *no* LDAP requests are sent on the network when you log in
as root ? (by sniffing with Ethereal for example)

i also believe that this is a bit blue-eyed.
if you have set up both pam and nss to use ldap (which i have, because i want my users not only to be able to authorize but also to keep their permissions when working with files - eg "ls -l" should work) then pam_unix will send ldap-requests (because of nss);


i can completely remove all traces of pam_ldap in my pam.d-config and still authenticate against ldap;
in fact, i only really need pam_ldap to change passwords.
this means, that as long as nss/pam_unix is so full-featured ("eierlegende wollmilchsau" as we say in german) it is somehow contradictory to the pam-idea.


either this solution is really "stupid" or i have missed some important point


mfg.a.sdr IOhannes

--
IEM - network operation center
mailto:noc iem at



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]