Right - as I said, it was a configuration error. :) Closing the report.
** Changed in: libnss-ldap (Ubuntu)
Status: Confirmed = Invalid
--
account configuration not working
https://bugs.launchpad.net/bugs/456985
You received this bug notification because you are a member of Ubuntu
Right - as I said, it was a configuration error. :) Closing the report.
** Changed in: libnss-ldap (Ubuntu)
Status: Confirmed = Invalid
--
account configuration not working
https://bugs.launchpad.net/bugs/456985
You received this bug notification because you are a member of Ubuntu
Bugs,
Steve,
Would you agree to adding the broken_shadow option to pam_unix in the
account mode?
The use case here is a laptop that normally authenticates with kerberos
and gets it's NSS from LDAP, including the shadow map, even though it's
not really used in this situation (due to the use of
Would you agree to adding the broken_shadow option to pam_unix in
the account mode?
No, I would not. It's a configuration error to have a password record
with an x without a corresponding shadow entry, and we shouldn't
ignore such configuration errors by default.
--
account configuration not
On Sat, 2009-10-24 at 06:56 +, Steve Langasek wrote:
No, I would not.
~sigh~
It's a configuration error to have a password record
with an x without a corresponding shadow entry, and we shouldn't
ignore such configuration errors by default.
It's not a configuration error when the
Steve,
You can close this. i have figured out how to make my LDAP passwd map
behave.
For anyone following along or who may find this in their travels, you
will want to remove the shadowAccount object class from any ldap entries
which represent users that should be authenticated by Kerberos --
Steve,
Would you agree to adding the broken_shadow option to pam_unix in the
account mode?
The use case here is a laptop that normally authenticates with kerberos
and gets it's NSS from LDAP, including the shadow map, even though it's
not really used in this situation (due to the use of
Would you agree to adding the broken_shadow option to pam_unix in
the account mode?
No, I would not. It's a configuration error to have a password record
with an x without a corresponding shadow entry, and we shouldn't
ignore such configuration errors by default.
--
account configuration not
On Sat, 2009-10-24 at 06:56 +, Steve Langasek wrote:
No, I would not.
~sigh~
It's a configuration error to have a password record
with an x without a corresponding shadow entry, and we shouldn't
ignore such configuration errors by default.
It's not a configuration error when the
Steve,
You can close this. i have figured out how to make my LDAP passwd map
behave.
For anyone following along or who may find this in their travels, you
will want to remove the shadowAccount object class from any ldap entries
which represent users that should be authenticated by Kerberos --
** Changed in: libnss-ldap (Ubuntu)
Status: New = Confirmed
** Changed in: libnss-ldap (Ubuntu)
Importance: Undecided = Low
--
account configuration not working
https://bugs.launchpad.net/bugs/456985
You received this bug notification because you are a member of Ubuntu
Server Team,
Chuck: your New-Confirmed seems to contradict Steve's assessment, yes?
I can see Steve's point, so I raised the issue on the nssldap list at
PADL but didn't really get anything meaningful back. It would appear
that nobody is listening there or there is no solution to this problem.
I.e. to this
** Changed in: libnss-ldap (Ubuntu)
Status: New = Confirmed
** Changed in: libnss-ldap (Ubuntu)
Importance: Undecided = Low
--
account configuration not working
https://bugs.launchpad.net/bugs/456985
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Chuck: your New-Confirmed seems to contradict Steve's assessment, yes?
I can see Steve's point, so I raised the issue on the nssldap list at
PADL but didn't really get anything meaningful back. It would appear
that nobody is listening there or there is no solution to this problem.
I.e. to this
Sorry, but this is a libnss-ldap bug or a bug in your configuration.
The pam_unix module checks the password field returned getpwnam() for
the value 'x', and if found, consults the shadow database. If libnss-
ldap isn't going to make the shadow database available, then it
shouldn't refer callers
Sorry, but this is a libnss-ldap bug or a bug in your configuration.
The pam_unix module checks the password field returned getpwnam() for
the value 'x', and if found, consults the shadow database. If libnss-
ldap isn't going to make the shadow database available, then it
shouldn't refer callers
16 matches
Mail list logo