Stephen Frost -- 3.10.2006 22:31 --: > * Damyan Ivanov ([EMAIL PROTECTED]) wrote: >> What I don't understand is why libnss-ldap.conf *needs* to be 0600 at >> all. A big warning in the file (todo) and debconf placing password in >> a separate file (done) should be enough, IMHO. > > It needs to be 600 if you want tight control on your LDAP directory such > that everyone has to connect using a password and you don't want that > password available to everyone. libnss-ldap.conf w/ mode 600 and nscd > works quite well for this.
Ah, I see. You're talking about bindbw setting (I was talking about
rootpw).
Can bindpw be also moved to separate file? This would make fiddling
with libnss-ldap.conf permissions unnecessary and as fas as I can see
would work for everybody.
Not sure how trivial that move is...
Thanks,
dam
--
Damyan Ivanov Modular Software Systems
[EMAIL PROTECTED]
phone +359(2)928-2611, 929-3993 fax +359(2)920-0994
mobile +359(88)856-6067 [EMAIL PROTECTED]/Gaim
signature.asc
Description: OpenPGP digital signature
