Re: openldap, pam_ldap, accounts



On Sun, 5 Dec 1999, Ben Collins wrote:

> > C'mon, you knew I was asking about the behaviour of checking a separate
> > file.  Looks like this is "the suggested patch", only recently added
> > (November 20, nss_ldap v88).
> 
> Even still, how would that be a "Linux-specific hack"? :)

If it wasn't in the mainline code (which it turns out, it is) but added by a
Linux distribution vendor, then it could be said to be a "Linux-specific
hack".  ;-)  I hadn't seen this ability in nss_ldap, only some discussion of
something similar on one of the PADL mailing lists - ergo, my question.

> > As of nss_ldap v98 it looks like the bind DN still comes from the original
> > "/etc/ldap.conf" file and the new "/etc/ldap.secret" just contains the
> > password (no keywords, no comments, nothing else).
> 
> Correct, I was mistaken on this point. Having the secret separate though
> makes it a more secure and usable system none-the-less.

Absolutely!  Still only handles reads (naming/lookup) from the directory
though...


dave