[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ldap and PAM Authentication
Amir Bukhari a écrit :
>
> :-D
> oh now it work, it was very simple error, which I have not checked it,
> the file libnss-ldap.conf was not readable by normal users :-) , as I
> change it it work then
But you can keep your /etc/ldap.conf not readable by users (600), it is
quite interesting when ldap.conf contains a bindpw directive that you
want to protect. In that case you need to run nscd which runs as root
and hence can read ldap.conf. this is what I concluded from tests on
securing /etc/ldap.conf file .
> Amir Bukhari wrote:
>
> > Amir Bukhari wrote:
> >
> >> Amir Bukhari wrote:
> >>
> >>>
> >>>> Tony Earnshaw wrote:
> >>>>
> >>>>> I guess that many have had this (I did :-) Look carefully at / play
> >>>>> around with the ACLs in slapd.conf.
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>> I think that is right, because with root I can see the ldap users
> >>> when I try to get somethng from their home with ~ldapusername.
> >>> but other local or ldap user can not seen ldap users with ~ldapusers
> >>> it does not appear.
> >>> but tried to play with ACLs but does not work. all users and
> >>> ananymous has read access to server . then I have change that, so that
> >>> all user have write access but also does not help :-(
> >>>
> >>> Amir
> >>>
> >>>
> >
> > is there is no one which has an Idea about it. this Problem does not
> > accure with Redhat version, I recompile it and the problem stil there,
> > I tried since two days to solve it :-(
> >
> > Note I have debian 3. I need to know how program likei id or ls
> > retrieve the user name, I think from C library and C library use nss
> > library ...
> > is that right
> > Amir
> >
> >
--
Jehan Procaccia
Institut National des Telecommunications| Email:
Jehan.Procaccia@int-evry.fr
MCI, Moyens Communs Informatiques | Tel : +33 (0) 160764436
9 rue Charles Fourier 91011 Evry France | Fax : +33 (0) 160764321