Date: Mon, 26 Sep 2011 13:07:09 +0200
From: Rene de Vries <rene@canyon.xs4all.nl>
To: <freebsd-security@freebsd.org>
Subject: Re: pam_ldap and nss_ldap : checken and egg problem with "wheel" group and "su" utility
Message-ID: <fdcf96078c3af70fcb7ca89a20d747d8@canyon.xs4all.nl>
In-Reply-To: <86r5369mgb.fsf@ds4.des.no>
References: <679126918.20110922121706@serebryakov.spb.ru> <86d3esy554.fsf@ds4.des.no> <964986730.20110923230802@serebryakov.spb.ru> <86r5369mgb.fsf@ds4.des.no>

Why not have /etc/group be authoritative for wheel (and thus have a list of local superusers)? And use sudo with an LDAP-based group for everything else.

René

On Sat, 24 Sep 2011 14:03:32 +0200, Dag-Erling Smørgrav wrote:
> Lev Serebryakov <lev@FreeBSD.org> writes:
>> Dag-Erling <des@des.no> writes:
>> > Did you try changing the priority in /etc/nsswitch.conf?
>> It gives very long boot time, as nss_ldap waits for answer from
>> non-started server, again and again, etc.
>
> The only solution I can think of is to try to figure out how to reduce
> or eliminate this delay, because the system is doing exactly what you
> asked it to, i.e. treating /etc/group as authoritative and using LDAP
> only for groups it can't find there.
>
> DES

--
René de Vries
rene@canyon.xs4all.nl