pam_ldap and nss_ldap : chicken and egg problem with "wheel" group and "su" utility
Rene de Vries
rene at canyon.xs4all.nl
Mon Sep 26 11:21:32 UTC 2011
Why not have /etc/group be authoritative for wheel (and thus have a list
of local superusers)?
And use sudo with an LDAP-based group for everything else.
René
On Sat, 24 Sep 2011 14:03:32 +0200, Dag-Erling Smørgrav wrote:
> Lev Serebryakov <lev at FreeBSD.org> writes:
>> Dag-Erling <des at des.no> writes:
>> > Did you try changing the priority in /etc/nsswitch.conf?
>> It gives very long boot time, as nss_ldap waits for answer from
>> non-started server, again and again, etc.
>
> The only solution I can think of is to try to figure out how to reduce
> or eliminate this delay, because the system is doing exactly what you
> asked it to, i.e. treating /etc/group as authoritative and using LDAP
> only for groups it can't find there.
>
> DES
--
René de Vries
rene at canyon.xs4all.nl
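
An added example, not part of the original message: a small audit of the arrangement discussed in this thread, checking that `files` is consulted before `ldap` for group lookups and that `wheel` has members in the local group file. The file contents and the user name `alice` are constructed sample data; on a real system the inputs would be /etc/nsswitch.conf and /etc/group.

```shell
#!/bin/sh
# Added example: verify that "wheel" is resolved from the local group file
# before LDAP is consulted. Sample inputs below are constructed.

# files_before_ldap NSSWITCH: succeed if, on the "group:" line, the source
# "files" appears before any "ldap" source.
files_before_ldap() {
    awk '
        { sub(/#.*/, "") }                      # strip comments
        $1 == "group:" && !seen {
            seen = 1
            for (i = 2; i <= NF; i++) {
                if ($i == "files") { ok = 1; break }
                if ($i == "ldap")  { break }    # LDAP would be asked first
            }
        }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# local_wheel_members GROUPFILE: print wheel members, space separated.
local_wheel_members() {
    awk -F: '$1 == "wheel" { gsub(/,/, " ", $4); print $4 }' "$1"
}

# audit_wheel NSSWITCH GROUPFILE: combine both checks.
audit_wheel() {
    files_before_ldap "$1" || {
        echo "FAIL: 'files' must precede 'ldap' on the group: line"; return 1; }
    members=$(local_wheel_members "$2")
    [ -n "$members" ] || {
        echo "FAIL: wheel has no members in the local group file"; return 1; }
    echo "OK: wheel is resolved locally; members: $members"
}

# Constructed sample files standing in for /etc/nsswitch.conf and /etc/group.
tmp=$(mktemp -d)
printf 'group: files ldap\npasswd: files ldap\n' > "$tmp/nsswitch.conf"
printf 'wheel:*:0:root,alice\noperator:*:5:root\n' > "$tmp/group"
audit_wheel "$tmp/nsswitch.conf" "$tmp/group"
rm -rf "$tmp"
```

This only checks lookup order and local membership; it does not address the nss_ldap delay described in the quoted messages.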
More information about the freebsd-security
mailing list