Stephen Frost -- 3.10.2006 22:31 --: > * Damyan Ivanov ([EMAIL PROTECTED]) wrote: >> What I don't understand is why libnss-ldap.conf *needs* to be 0600 at >> all. A big warning in the file (todo) and debconf placing password in >> a separate file (done) should be enough, IMHO. > > It needs to be 600 if you want tight control on your LDAP directory such > that everyone has to connect using a password and you don't want that > password available to everyone. libnss-ldap.conf w/ mode 600 and nscd > works quite well for this.
Ah, I see. You're talking about bindbw setting (I was talking about rootpw). Can bindpw be also moved to separate file? This would make fiddling with libnss-ldap.conf permissions unnecessary and as fas as I can see would work for everybody. Not sure how trivial that move is... Thanks, dam -- Damyan Ivanov Modular Software Systems [EMAIL PROTECTED] phone +359(2)928-2611, 929-3993 fax +359(2)920-0994 mobile +359(88)856-6067 [EMAIL PROTECTED]/Gaim
signature.asc
Description: OpenPGP digital signature