On 15.07.2013 21:09, Daniel Eischen wrote:
> On Mon, 15 Jul 2013, Michael Loftis wrote:
>
>> nss_ldap fulfills most of the get*ent calls, thus based on the bits of
>> your configuration you've exposed I think you're ending up with that
>> behavior and not using pam_ldap at all. Instead the authentication is
>> happening via nsswitch fulfilling getpwent() calls (the passwd: files
>> ldap line in nsswitch.conf)
>
> Ok, thanks. But shouldn't the documentation be changed
> to reflect that?

More than that. In my opinion it should be updated by replacing nss_ldap and pam_ldap with nss-pam-ldapd, which splits the job of both into a shared daemon talking to the LDAP server and small stubs linked into the NSS/PAM-using process talking to the local daemon. This allows usable timeout handling and client certificates with safe permissions.
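
An added illustration of the setup the reply above describes, not part of the original message or of the FreeBSD documentation: a minimal nslcd.conf for the nss-pam-ldapd daemon with explicit timeouts and a client certificate whose key only the daemon reads. The server name, base DN, file paths and the nslcd account name are assumptions.

```conf
# /usr/local/etc/nslcd.conf (path assumed; use the location your package installs)
# Keep this file root-owned and mode 0600 if it ever holds a bindpw.

# Unprivileged account the daemon runs as (account name assumed).
uid nslcd
gid nslcd

# LDAP server and search base (constructed example values).
uri ldap://ldap.example.org/
base dc=example,dc=org

# Timeouts are set once, in the daemon, rather than inside every
# process that loads the NSS or PAM stub.
bind_timelimit 5
timelimit 10
idle_timelimit 60
reconnect_sleeptime 1
reconnect_retrytime 10

# TLS with a client certificate. Only nslcd opens the private key, so it
# can be owned by the nslcd account with mode 0400 instead of being
# readable by every process that performs a name lookup.
ssl start_tls
tls_reqcert demand
tls_cacertfile /usr/local/etc/ssl/ldap-ca.pem
tls_cert /usr/local/etc/ssl/nslcd-client.pem
tls_key /usr/local/etc/ssl/nslcd-client.key
```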