5.1 beta2 still in trouble with pam_ldap
Ruslan Ermilov
ru at freebsd.org
Thu May 22 23:09:25 PDT 2003
On Fri, May 23, 2003 at 01:45:44AM +0200, Dag-Erling Smorgrav wrote:
> Gordon Tetlow <gordont at gnf.org> writes:
> > Do you think it might be a good idea to turn all the pam configuration
> > files to list actual providers at sufficient followed by a pam_deny:
>
> No. I'd rather replace "sufficient" with "binding" where appropriate.
>
> > > Solaris introduced the "binding" flag to try to alleviate this
> > > problem. OpenPAM supports "binding", but does not document it
> > > anywhere.
> > I'm unfamiliar with this option. What's it do?
>
> It behaves like "sufficient" should, i.e. failure is not ignored.
>
You mean, _last_ failure is not ignored?
--
Ruslan Ermilov Sysadmin and DBA,
ru at sunbay.com Sunbay Software AG,
ru at FreeBSD.org FreeBSD committer,
+380.652.512.251 Simferopol, Ukraine
http://www.FreeBSD.org The Power To Serve
http://www.oracle.com Enabling The Information Age
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20030523/29de4639/attachment.bin
More information about the freebsd-current
mailing list