Thus spake Paulo Matos: > So, we may that even if user password was wrong he would still be > able to log in? Or pam_ldap after bind anonymously, fetch the md5 > passwd and compare them (I didn't see that code in pam_ldap). Yes, the latter. That's how pam_ldap is supposed to work. It's possible that pam_ldap passes the password to another module for comparison; I've never read the code. Wil -- W. Reilly Cooley wcooley@nakedape.cc Naked Ape Consulting http://nakedape.cc LNXS: Linux/GNU for servers, networks, and http://lnxs.org people who take care of them. *Now with integrated crypto!* irc.openprojects.net #lnxs The penalty for laughing in a courtroom is six months in jail; if it were not for this penalty, the jury would never hear the evidence. -- H. L. Mencken
Attachment:
pgp00009.pgp
Description: PGP signature