Steinar H. Gunderson wrote:
> If you use passwords in your libnss-ldap configuration, it is usually a
> good idea to have the configuration set with mode 0600 (readable and
> writable only by the file's owner).
> .
> Note: As a sanity check, libnss-ldap will check if you have nscd
> installed
> and will only set the mode to 0600 if nscd is present.
>
> So if you explicitly set it, and then stop nscd, it will break. That's not
> really anything libnss-ldap can do anything about, is it?

I did not stop nscd.

I understand that passwords must be safe. But this is easily achieved using a separate file for passwords, without breaking anything.

Right now, if I put the password in /etc/libnss-ldap.conf (and therefore protect the file with 0600 permissions), only root can access ldap via nss. Others get assertions. This makes the password-along-everything setup highly unusable (to me).

It is my belief that the default configuration does exactly the right thing - stores the password in a separate (and protected) file. Why then fiddle with libnss-ldap.conf's permissions at all and break things?

So my proposition is this:

- keep storing the password in a separate 0600-perms file
- use 0644 permissions for /etc/libnss-ldap.conf
- drop the debconf question about it.
- smile :)

I hope this makes sense,
dam

--
Damyan Ivanov
Modular Software Systems
[EMAIL PROTECTED]
phone +359(2)928-2611, 929-3993
fax +359(2)920-0994
mobile +359(88)856-6067
[EMAIL PROTECTED]/Gaim
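Added example, not part of the original message or of the libnss-ldap package: a Python check that audits the two layouts discussed in this thread (password inline in a 0600 config versus password in a separate 0600 file with a 0644 config). The temporary file names, sample contents and finding strings are constructed for illustration; `bindpw` is the nss_ldap directive that holds the bind password.

```python
import os
import stat
import tempfile

def has_bindpw(path):
    """True if the file has an active (uncommented) bindpw directive."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            fields = line.split()
            if fields and fields[0].lower() == "bindpw":
                return True
    return False

def audit(conf_path, secret_path):
    """Return a list of findings for a config/secret file pair."""
    findings = []
    conf_mode = stat.S_IMODE(os.stat(conf_path).st_mode)
    inline_pw = has_bindpw(conf_path)
    if inline_pw and conf_mode & 0o077:
        findings.append("conf: bindpw present but file readable beyond owner")
    if inline_pw and not conf_mode & 0o004:
        # The situation reported in the message above: safe, but unusable.
        findings.append("conf: password inline, non-owner lookups cannot read it")
    if not inline_pw and not conf_mode & 0o004:
        findings.append("conf: no password inside, yet not world-readable")
    if os.path.exists(secret_path):
        if stat.S_IMODE(os.stat(secret_path).st_mode) & 0o077:
            findings.append("secret: readable beyond owner")
    return findings

def write_file(path, text, mode):
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)
    os.chmod(path, mode)

def demo():
    """Build both layouts in a temp dir (constructed data) and audit them."""
    with tempfile.TemporaryDirectory() as d:
        conf, secret = os.path.join(d, "conf"), os.path.join(d, "secret")
        # Layout A: password inline, config locked down to 0600.
        write_file(conf, "base dc=example,dc=org\nbindpw s3cret\n", 0o600)
        inline = audit(conf, secret)
        # Layout B: password in its own 0600 file, config left at 0644.
        write_file(conf, "base dc=example,dc=org\n#bindpw moved\n", 0o644)
        write_file(secret, "s3cret\n", 0o600)
        split = audit(conf, secret)
    return inline, split

if __name__ == "__main__":
    print(demo())
```
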