Re: 5.1 beta2 still in trouble with pam_ldap
From: Ruslan Ermilov (ru_at_freebsd.org)
Date: 05/23/03
- Previous message: Don Lewis: "Re: USB keyboard issue"
- In reply to: Dag-Erling Smorgrav: "Re: 5.1 beta2 still in trouble with pam_ldap"
- Next in thread: Dag-Erling Smorgrav: "Re: 5.1 beta2 still in trouble with pam_ldap"
- Reply: Dag-Erling Smorgrav: "Re: 5.1 beta2 still in trouble with pam_ldap"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 23 May 2003 09:08:46 +0300 To: Dag-Erling Smorgrav <des@ofug.org>
On Fri, May 23, 2003 at 01:45:44AM +0200, Dag-Erling Smorgrav wrote:
> Gordon Tetlow <gordont@gnf.org> writes:
> > Do you think it might be a good idea to turn all the pam configuration
> > files to list actual providers at sufficient followed by a pam_deny:
>
> No. I'd rather replace "sufficient" with "binding" where appropriate.
>
> > > Solaris introduced the "binding" flag to try to alleviate this
> > > problem. OpenPAM supports "binding", but does not document it
> > > anywhere.
> > I'm unfamiliar with this option. What's it do?
>
> It behaves like "sufficient" should, i.e. failure is not ignored.
>
You mean, _last_ failure is not ignored?
-- Ruslan Ermilov Sysadmin and DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age
- application/pgp-signature attachment: stored
- Previous message: Don Lewis: "Re: USB keyboard issue"
- In reply to: Dag-Erling Smorgrav: "Re: 5.1 beta2 still in trouble with pam_ldap"
- Next in thread: Dag-Erling Smorgrav: "Re: 5.1 beta2 still in trouble with pam_ldap"
- Reply: Dag-Erling Smorgrav: "Re: 5.1 beta2 still in trouble with pam_ldap"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
