Re: [FC2] pam_ldap and root user

damiano.albani@xxxxxxxxxx wrote:
Quoting Lionel LENOBLE <lenoble@xxxxxxxxxxxxxxx>:

And are you sure that *no* LDAP requests are sent on the network when you log in
as root? (by sniffing with Ethereal for example)

i also believe that this is a bit blue-eyed.
if you have set up both pam and nss to use ldap (which i have, because i want my users not only to be able to authorize but also to keep their permissions when working with files - e.g. "ls -l" should work) then pam_unix will send ldap-requests (because of nss);


i can completely remove all traces of pam_ldap in my pam.d-config and still authenticate against ldap;
in fact, i only really need pam_ldap to change passwords.
this means that as long as nss/pam_unix is so full-featured ("eierlegende wollmilchsau" as we say in German) it is somehow contradictory to the pam-idea.


either this solution is really "stupid" or i have missed some important point


mfg.a.sdr IOhannes

--
IEM - network operation center
mailto:noc@xxxxxx


_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
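
The situation described in the message above, as an added example that is not part of the original post: a small audit that reads an nsswitch.conf and a PAM stack and reports whether pam_unix can reach LDAP through NSS even when pam_ldap is absent from the auth stack. The sample configs and all function names are constructed for illustration, and the check assumes the LDAP NSS source serves the passwd/shadow data that pam_unix reads.

```python
import os
import re

# Constructed sample configs (not taken from the thread).
NSSWITCH = """\
passwd: files ldap
shadow: files ldap   # hashes come from LDAP too
group:  files ldap
"""
PAM_STACK = """\
#%PAM-1.0
auth     required   pam_env.so
auth     sufficient pam_unix.so nullok
auth     required   pam_deny.so
password sufficient pam_ldap.so use_authtok
"""

def nss_sources(text):
    """Map each nsswitch database to its ordered list of source names."""
    dbs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        # Drop action items such as [NOTFOUND=return]; keep sources only.
        dbs[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return dbs

def pam_modules(text, facility):
    """Module names (without path or .so) configured for one PAM facility."""
    mods = []
    for line in text.splitlines():
        # Collapse bracketed controls like [success=1 default=ignore] to one field.
        fields = re.sub(r"\[[^\]]*\]", "CTRL", line.split("#", 1)[0]).split()
        if len(fields) >= 3 and fields[0].lstrip("-") == facility:
            mods.append(re.sub(r"\.so$", "", os.path.basename(fields[2])))
    return mods

def ldap_exposure(nss_text, pam_text):
    """Report where LDAP enters the login path for the given configs."""
    nss = nss_sources(nss_text)
    auth = pam_modules(pam_text, "auth")
    via_nss = [db for db in ("passwd", "shadow") if "ldap" in nss.get(db, [])]
    return {
        "pam_ldap_in_auth": "pam_ldap" in auth,
        "nss_ldap_databases": via_nss,
        # pam_unix looks accounts up through NSS, so an ldap source here
        # means LDAP queries during login even with no pam_ldap line.
        "pam_unix_reaches_ldap": "pam_unix" in auth and bool(via_nss),
    }

if __name__ == "__main__":
    print(ldap_exposure(NSSWITCH, PAM_STACK))
```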
