Date: Fri, 23 May 2003 09:08:46 +0300 From: Ruslan Ermilov <ru@freebsd.org> To: Dag-Erling Smorgrav <des@ofug.org> Cc: Frank Bonnet <bonnetf@bart.esiee.fr> Subject: Re: 5.1 beta2 still in trouble with pam_ldap Message-ID: <20030523060846.GC17107@sunbay.com> In-Reply-To: <xzpof1uy28n.fsf@flood.ping.uio.no> References: <20030522184631.A23366@bart.esiee.fr> <xzp65o2zkhf.fsf@flood.ping.uio.no> <20030522224850.GK87863@roark.gnf.org> <xzpof1uy28n.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Fri, May 23, 2003 at 01:45:44AM +0200, Dag-Erling Smorgrav wrote: > Gordon Tetlow <gordont@gnf.org> writes: > > Do you think it might be a good idea to turn all the pam configuration > > files to list actual providers at sufficient followed by a pam_deny: > > No. I'd rather replace "sufficient" with "binding" where appropriate. > > > > Solaris introduced the "binding" flag to try to alleviate this > > > problem. OpenPAM supports "binding", but does not document it > > > anywhere. > > I'm unfamiliar with this option. What's it do? > > It behaves like "sufficient" should, i.e. failure is not ignored. > You mean, _last_ failure is not ignored? -- Ruslan Ermilov Sysadmin and DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+zbruUkv4P6juNwoRAoAjAKCKhqwcWp7G6sOI2mVhTfEz6gQOYACfVtbi fCn/qNJL5dh7KZ46EhDQ8eI= =1Glf -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030523060846.GC17107>