Marcus Moeller wrote:
We have some problems with NOCpulse::SetID and Kerberos/LDAP
Authentication.
Our server is configured to allow uid <500 to be authenticated locally,
in /etc/pam.d/system-auth:
auth requisite pam_succeed_if.so uid >= 500 quiet
gogo.pl (which makes use of SetID) is started with nocpulse username as
parameter and the user id of nocpulse is 101 with gid 102. So, normally
the Kerberos/LDAP Servers should not be queried.
A simple su - nocpulse from commandline works fine, too.
Despite, from a gogo.pl strace, SetID is continuously trying to access
our LDAP servers
10291 getsockname(5, {sa_family=AF_INET, sin_port=htons(47740),
sin_addr=inet_addr("xx.xx.xx.xx")}, [9583941490611060752]) = 0
10291 getpeername(5, {sa_family=AF_INET, sin_port=htons(389),
sin_addr=inet_addr("yy.yy.yy.yy")}, [68719476752]) = 0
Any idea?
I suppose the use of function of getpwnam() is resposible for these.
m...@marcus-moeller.de
--
Miroslav Suchy
Red Hat Satellite Engineering
_______________________________________________
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list