From owner-freebsd-current@FreeBSD.ORG  Thu May 22 23:09:25 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 71EFD37B401
	for <freebsd-current@freebsd.org>;
	Thu, 22 May 2003 23:09:25 -0700 (PDT)
Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua
	[212.110.138.65])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1312143F85
	for <freebsd-current@freebsd.org>;
	Thu, 22 May 2003 23:09:22 -0700 (PDT)
	(envelope-from ru@whale.sunbay.crimea.ua)
Received: from whale.sunbay.crimea.ua (ru@localhost [127.0.0.1])
	h4N68xEd020181
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Fri, 23 May 2003 09:08:59 +0300 (EEST)
	(envelope-from ru@whale.sunbay.crimea.ua)
Received: (from ru@localhost)
	by whale.sunbay.crimea.ua (8.12.9/8.12.8/Submit) id h4N68kd7020163;
	Fri, 23 May 2003 09:08:46 +0300 (EEST)
	(envelope-from ru)
Date: Fri, 23 May 2003 09:08:46 +0300
From: Ruslan Ermilov <ru@freebsd.org>
To: Dag-Erling Smorgrav <des@ofug.org>
Message-ID: <20030523060846.GC17107@sunbay.com>
References: <20030522184631.A23366@bart.esiee.fr>
	<xzp65o2zkhf.fsf@flood.ping.uio.no> <20030522224850.GK87863@roark.gnf.org>
	<xzpof1uy28n.fsf@flood.ping.uio.no>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="/e2eDi0V/xtL+Mc8"
Content-Disposition: inline
In-Reply-To: <xzpof1uy28n.fsf@flood.ping.uio.no>
User-Agent: Mutt/1.5.4i
cc: freebsd-current@freebsd.org
cc: Frank Bonnet <bonnetf@bart.esiee.fr>
Subject: Re: 5.1 beta2 still in trouble with pam_ldap
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 May 2003 06:09:25 -0000


--/e2eDi0V/xtL+Mc8
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, May 23, 2003 at 01:45:44AM +0200, Dag-Erling Smorgrav wrote:
> Gordon Tetlow <gordont@gnf.org> writes:
> > Do you think it might be a good idea to turn all the pam configuration
> > files to list actual providers at sufficient followed by a pam_deny:
>=20
> No.  I'd rather replace "sufficient" with "binding" where appropriate.
>=20
> > > Solaris introduced the "binding" flag to try to alleviate this
> > > problem.  OpenPAM supports "binding", but does not document it
> > > anywhere.
> > I'm unfamiliar with this option. What's it do?
>=20
> It behaves like "sufficient" should, i.e. failure is not ignored.
>=20
You mean, _last_ failure is not ignored?

--=20
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

--/e2eDi0V/xtL+Mc8
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+zbruUkv4P6juNwoRAoAjAKCKhqwcWp7G6sOI2mVhTfEz6gQOYACfVtbi
fCn/qNJL5dh7KZ46EhDQ8eI=
=1Glf
-----END PGP SIGNATURE-----

--/e2eDi0V/xtL+Mc8--