Adams, Samuel D Contr AFRL/HEDR wrote:
> Does anyone know what the minimum set of attributes are that need to be
> anonymously readable and still allow the OpenLDAP PAM client to
> authenticate?
>

Well, if you want everything to work, you'll need access to any data that would normally be available via a passwd file: shell, home, gecos, uid, username, primary group id in addition to some other data relating to password policy. PAM needs much of that stuff _before_ a bind is initiated. Just watch the access log during a login.

> I tried to lock it down to only allow username, but that was too
> restrictive. Now I just have it restricting only the userPassword, but
> I think there is room for further tightening.
>
> Sam Adams
> General Dynamics - Information Technology
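
An added example, not part of the original message: one way to act on the reply's advice to watch the access log, tallying which attributes searches request while a connection is still anonymous (including after a failed bind). The log line layout (`conn=`/`op=` with `BIND`, `RESULT` and `SRCH ... attrs=`) is an assumption and every sample line is constructed; compare against your own server's access log before relying on it.

```python
import re
from collections import defaultdict

# Constructed sample lines; the layout is an assumed Directory Server access-log format.
SAMPLE_LOG = '''\
[10/Jan/2007:09:15:01 -0600] conn=7 fd=64 slot=64 connection from 10.0.0.5 to 10.0.0.1
[10/Jan/2007:09:15:01 -0600] conn=7 op=0 BIND dn="" method=128 version=3
[10/Jan/2007:09:15:01 -0600] conn=7 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[10/Jan/2007:09:15:01 -0600] conn=7 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=jdoe))" attrs="uid uidNumber gidNumber homeDirectory loginShell gecos"
[10/Jan/2007:09:15:02 -0600] conn=7 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(uid=jdoe)" attrs="uid shadowExpire"
[10/Jan/2007:09:15:02 -0600] conn=7 op=3 BIND dn="uid=jdoe,ou=People,dc=example,dc=com" method=128 version=3
[10/Jan/2007:09:15:02 -0600] conn=7 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jdoe,ou=people,dc=example,dc=com"
[10/Jan/2007:09:15:02 -0600] conn=7 op=4 SRCH base="dc=example,dc=com" scope=2 filter="(uid=jdoe)" attrs="mail"
[10/Jan/2007:09:16:10 -0600] conn=8 op=0 BIND dn="uid=bob,ou=People,dc=example,dc=com" method=128 version=3
[10/Jan/2007:09:16:10 -0600] conn=8 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[10/Jan/2007:09:16:11 -0600] conn=8 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=bob)" attrs="cn"
'''

LINE = re.compile(r'conn=(\d+) op=(\d+) (BIND|RESULT|SRCH)\b(.*)')
BIND_DN = re.compile(r'dn="([^"]*)"')
ATTRS = re.compile(r'attrs=(?:"([^"]*)"|(\S+))')
ERR = re.compile(r'err=(\d+)')

def anonymous_attrs(log_text):
    """Return {attribute: count} for searches issued while the connection was anonymous."""
    bound = defaultdict(str)   # conn -> bound DN; "" means anonymous
    pending = {}               # (conn, op) -> DN of a BIND still awaiting its RESULT
    seen = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, kind, rest = m.groups()
        if kind == "BIND":
            dn = BIND_DN.search(rest)
            pending[(conn, op)] = dn.group(1) if dn else ""
        elif kind == "RESULT" and (conn, op) in pending:
            dn = pending.pop((conn, op))
            err = ERR.search(rest)
            # A failed bind leaves the connection anonymous.
            bound[conn] = dn if err and err.group(1) == "0" else ""
        elif kind == "SRCH" and bound[conn] == "":
            a = ATTRS.search(rest)
            names = (a.group(1) or a.group(2) or "") if a else ""
            for name in names.split():
                seen[name] += 1
    return dict(seen)
```

Run it over the log captured during a single test login; attributes that never appear in the result are candidates for removal from the anonymous read ACI.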