From owner-freebsd-current@FreeBSD.ORG Thu May 22 23:09:25 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 71EFD37B401 for ; Thu, 22 May 2003 23:09:25 -0700 (PDT) Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1312143F85 for ; Thu, 22 May 2003 23:09:22 -0700 (PDT) (envelope-from ru@whale.sunbay.crimea.ua) Received: from whale.sunbay.crimea.ua (ru@localhost [127.0.0.1]) h4N68xEd020181 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 23 May 2003 09:08:59 +0300 (EEST) (envelope-from ru@whale.sunbay.crimea.ua) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.12.9/8.12.8/Submit) id h4N68kd7020163; Fri, 23 May 2003 09:08:46 +0300 (EEST) (envelope-from ru) Date: Fri, 23 May 2003 09:08:46 +0300 From: Ruslan Ermilov To: Dag-Erling Smorgrav Message-ID: <20030523060846.GC17107@sunbay.com> References: <20030522184631.A23366@bart.esiee.fr> <20030522224850.GK87863@roark.gnf.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="/e2eDi0V/xtL+Mc8" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.4i cc: freebsd-current@freebsd.org cc: Frank Bonnet Subject: Re: 5.1 beta2 still in trouble with pam_ldap X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 May 2003 06:09:25 -0000 --/e2eDi0V/xtL+Mc8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, May 23, 2003 at 01:45:44AM +0200, Dag-Erling Smorgrav wrote: > Gordon Tetlow writes: > > Do you think it might be a good idea to turn all the pam configuration > > files to list actual providers at sufficient followed by a pam_deny: >=20 > No. I'd rather replace "sufficient" with "binding" where appropriate. >=20 > > > Solaris introduced the "binding" flag to try to alleviate this > > > problem. OpenPAM supports "binding", but does not document it > > > anywhere. > > I'm unfamiliar with this option. What's it do? >=20 > It behaves like "sufficient" should, i.e. failure is not ignored. >=20 You mean, _last_ failure is not ignored? --=20 Ruslan Ermilov Sysadmin and DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age --/e2eDi0V/xtL+Mc8 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+zbruUkv4P6juNwoRAoAjAKCKhqwcWp7G6sOI2mVhTfEz6gQOYACfVtbi fCn/qNJL5dh7KZ46EhDQ8eI= =1Glf -----END PGP SIGNATURE----- --/e2eDi0V/xtL+Mc8--