5.1 beta2 still in trouble with pam_ldap
Dag-Erling Smorgrav
des at ofug.org
Thu May 22 16:45:49 PDT 2003
Gordon Tetlow <gordont at gnf.org> writes:
> Do you think it might be a good idea to turn all the pam configuration
> files to list actual providers at sufficient followed by a pam_deny:
No. I'd rather replace "sufficient" with "binding" where appropriate.
> > Solaris introduced the "binding" flag to try to alleviate this
> > problem. OpenPAM supports "binding", but does not document it
> > anywhere.
> I'm unfamiliar with this option. What's it do?
It behaves like "sufficient" should, i.e. failure is not ignored. I'm
working on updating the documentation.
DES
--
Dag-Erling Smorgrav - des at ofug.org
More information about the freebsd-current
mailing list