Date: Mon, 15 Jul 2013 14:25:03 -0500 From: Mark Felder <feld@freebsd.org> To: freebsd-stable@freebsd.org Subject: Re: LDAP authentication confusion Message-ID: <1373916303.17449.140661255966229.44609E69@webmail.messagingengine.com> In-Reply-To: <51E44B55.6030005@rlwinm.de> References: <Pine.GSO.4.64.1307151438370.8901@sea.ntplx.net> <CAHDg04v8xV-yaCXDzSbOzWEvHRMhDy8x0A=B2eho4iK4b1UuJA@mail.gmail.com> <Pine.GSO.4.64.1307151507130.8901@sea.ntplx.net> <51E44B55.6030005@rlwinm.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jul 15, 2013, at 14:19, Jan Bramkamp wrote: > > More than that. In my opinion it should be updated by replacing nss_ldap > and pam_ldap with nss-pam-ldapd which splits the job of both into a > shared daemon talking to the LDAP server and small stubs linked into the > NSS / PAM using process talking to the local daemon. This allows useable > timeout handling and client certificates with save permissions. > And if the daemon ever crashes, we can't login to our customer servers (assuming they nuked our local account because they have root access). That's the one issue I have with that daemon and why we haven't migrated to it. We should re-evaluate it, though.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1373916303.17449.140661255966229.44609E69>