Re: LDAP breaks kcheckpass when not setuid root (#298148)

2007-05-07 Thread Russell Coker
On Saturday 05 May 2007 16:13, Peter Samuelson [EMAIL PROTECTED] wrote: [Roberto C. Sánchez] You mean that the passwords go in the clear? Yes, unless you are securing the entire LDAP session, using SSL. Does the pam_ldap module allow you to store the SSL key for the server or authenticate

Re: LDAP breaks kcheckpass when not setuid root (#298148)

2007-05-07 Thread Josselin Mouette
On Monday 07 May 2007 at 09:57 +1000, Russell Coker wrote: On Saturday 05 May 2007 16:13, Peter Samuelson [EMAIL PROTECTED] wrote: [Roberto C. Sánchez] You mean that the passwords go in the clear? Yes, unless you are securing the entire LDAP session, using SSL. Does the pam_ldap

Re: LDAP breaks kcheckpass when not setuid root (#298148)

2007-05-05 Thread Peter Samuelson
On Fri, May 04, 2007 at 11:51:02PM +0200, Petter Reinholdtsen wrote: Actually, you got it backwards, as explained above. pam-ldap isn't using the password hash to check the password. It is passing the password over to the LDAP server (using an LDAP bind), and letting the LDAP server

LDAP breaks kcheckpass when not setuid root (#298148)

2007-05-04 Thread Christoph Haas
Dear list... someone (curse you, Matthijs) motivated me to dump NIS in favor of LDAP for user accounts on my small home net. Good thing I did it during my vacation because it's not as trivial as I hoped. I'm unhappy with the outcome of the bug #298148 (kdebase-bin: kcheckpass needs setuid bit

Re: LDAP breaks kcheckpass when not setuid root (#298148)

2007-05-04 Thread Petter Reinholdtsen
[Christoph Haas] I'm unhappy with the outcome of the bug #298148 (kdebase-bin: kcheckpass needs setuid bit for ldap authentication). When using libnss-ldap and libpam-ldap (optionally) people who lock their screen in KDE will not be able to unlock the screen and may (like me) lose data

Re: LDAP breaks kcheckpass when not setuid root (#298148)

2007-05-04 Thread Christoph Haas
Petter, On Fri, May 04, 2007 at 05:29:07PM +0200, Petter Reinholdtsen wrote: [Christoph Haas] I'm unhappy with the outcome of the bug #298148 (kdebase-bin: kcheckpass needs setuid bit for ldap authentication). When using libnss-ldap and libpam-ldap (optionally) people who lock their screen

Re: LDAP breaks kcheckpass when not setuid root (#298148)

2007-05-04 Thread Bernd Zeimetz
Christoph, Thanks in advance for the hints. I'm taking notes already to document this better. please post a link as soon as you have some documentation online. I'd think that a wiki would be a good place for it. pam-ldap/libnss-ldap is missing a good documentation definitely. Cheers, Bernd

Re: LDAP breaks kcheckpass when not setuid root (#298148)

2007-05-04 Thread Petter Reinholdtsen
[Christoph Haas] Okay, so libpam-ldap is mandatory in that case? Good to know. Most of the documentation I found said that only libnss-ldap is needed for login and libpam-ldap's only use is for changing the password over LDAP. Yes, pam is needed to do proper authentication (password

Re: LDAP breaks kcheckpass when not setuid root (#298148)

2007-05-04 Thread Steve Langasek
On Fri, May 04, 2007 at 11:51:02PM +0200, Petter Reinholdtsen wrote: Yes, pam is needed to do proper authentication (password checking), and nss is needed to find information about users and groups. Yes, you can use nss to find password hashes and authenticate locally after fetching the hash

Re: PAM config and LDAP [WAS: Re: LDAP breaks kcheckpass when not setuid root (#298148)]

2007-05-04 Thread Roberto C. Sánchez
On Fri, May 04, 2007 at 02:49:40PM -0700, Steve Langasek wrote: It means that pam_unix is able to access your shadow hash on behalf of the user, when using root privileges (which is expected and required in the case where you want to support password changes via pam_ldap); and that if

Re: LDAP breaks kcheckpass when not setuid root (#298148)

2007-05-04 Thread Roberto C. Sánchez
On Fri, May 04, 2007 at 11:51:02PM +0200, Petter Reinholdtsen wrote: Actually, you got it backwards, as explained above. pam-ldap isn't using the password hash to check the password. It is passing the password over to the LDAP server (using an LDAP bind), and letting the LDAP server decide

Re: PAM config and LDAP [WAS: Re: LDAP breaks kcheckpass when not setuid root (#298148)]

2007-05-04 Thread Steve Langasek
On Fri, May 04, 2007 at 06:19:34PM -0400, Roberto C. Sánchez wrote: On Fri, May 04, 2007 at 02:49:40PM -0700, Steve Langasek wrote: It means that pam_unix is able to access your shadow hash on behalf of the user, when using root privileges (which is expected and required in the case where