Good criteria. But please also consider the PAM rules for logins. Some allow a graceful fall thru to pam_unix.so as a backup. This should be a default no matter what other auth system is used. There are many other pam auth systems, eg: fingerprint, usb key etc... LDAP is only one of many. So when configuring lib-auth-client take very careful note of the PAM config files and the order of the auth mechanism's.
On Thu, Apr 10, 2008 at 12:01 AM, Dustin Kirkland <[EMAIL PROTECTED]> wrote: > Okay, snapshot of conclusions at this point... > > (1) Any systems Feisty (and earlier) upgraded to Hardy (and later) would > require a manual migration of /etc/libnss-ldap.conf and /etc/pam- > ldap.conf if either or both of those files exist. > > (2) None of the 5+ Ubuntu developers who have looked at this bug has > successfully reproduced the "boot hang" aspect of this bug. A boot hang > involves a system which is not responsive to a network ping, not responsive > to banging keys, and toggling caps-lock/num-lock does not affect the > associated LEDs. (That's a crude definition, of course, but some decent > guidelines.) ANYONE who is able to reproduce such a boot hang, please > respond and attach (a cleansed copy) of: > * /var/log/syslog (as retrieved from a subsequent rescue boot) > * /etc/ldap.conf > * /etc/nsswitch.conf > * /etc/libnss-ldap.conf > * /etc/pam-ldap.conf > > (3) We have been able to reproduce a "hang on login". I'd argue that > this is a "functions as designed" scenario. If you require an LDAP > server to login, and it's not available, logins should not succeed until > the target LDAP server becomes available. In the case where you want to > relax that requirement, a system can be configured to use a soft bind > policy. > > :-Dustin > > ** Changed in: libnss-ldap (Ubuntu) > Status: Confirmed => Incomplete > > -- > ldap config causes Ubuntu to hang at a reboot > https://bugs.launchpad.net/bugs/155947 > You received this bug notification because you are a member of Ubuntu > Directory Services, which is subscribed to libnss-ldap in ubuntu. > ** Attachment added: "unnamed" http://launchpadlibrarian.net/13304139/unnamed ** Attachment added: "common-account" http://launchpadlibrarian.net/13304140/common-account ** Attachment added: "common-auth" http://launchpadlibrarian.net/13304141/common-auth ** Attachment added: "common-password" http://launchpadlibrarian.net/13304142/common-password ** Attachment added: "common-session" http://launchpadlibrarian.net/13304143/common-session ** Attachment added: "pam_ldap.conf" http://launchpadlibrarian.net/13304144/pam_ldap.conf ** Attachment added: "libnss-ldap.conf" http://launchpadlibrarian.net/13304145/libnss-ldap.conf -- ldap config causes Ubuntu to hang at a reboot https://bugs.launchpad.net/bugs/155947 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs