From owner-freebsd-current@FreeBSD.ORG  Fri May 23 12:54:49 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9BEC637B401; Fri, 23 May 2003 12:54:49 -0700 (PDT)
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id B514143F85; Fri, 23 May 2003 12:54:48 -0700 (PDT)
	(envelope-from des@ofug.org)
Received: by flood.ping.uio.no (Postfix, from userid 2602)
	id 960BB530E; Fri, 23 May 2003 21:54:46 +0200 (CEST)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily
  coincide with those of any organisation or company with
  which I am or have been affiliated.
To: Ruslan Ermilov <ru@FreeBSD.org>
References: <20030522184631.A23366@bart.esiee.fr>
	<xzp65o2zkhf.fsf@flood.ping.uio.no>
	<20030522224850.GK87863@roark.gnf.org>
	<xzpof1uy28n.fsf@flood.ping.uio.no>
	<20030523060846.GC17107@sunbay.com>
	<xzp4r3mxjrx.fsf@flood.ping.uio.no>
	<20030523062848.GG17107@sunbay.com>
	<xzpr86pwx5m.fsf@flood.ping.uio.no> <20030523193724.GA9240@sunbay.com>
	<xzp1xypwiwa.fsf@flood.ping.uio.no>
	<20030523194909.GB11988@sunbay.com>
From: Dag-Erling Smorgrav <des@ofug.org>
Date: Fri, 23 May 2003 21:54:45 +0200
In-Reply-To: <20030523194909.GB11988@sunbay.com> (Ruslan Ermilov's message
 of "Fri, 23 May 2003 22:49:09 +0300")
Message-ID: <xzpu1blv3p6.fsf@flood.ping.uio.no>
User-Agent: Gnus/5.1001 (Gnus v5.10.1) Emacs/21.3 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
cc: current@FreeBSD.org
Subject: Re: 5.1 beta2 still in trouble with pam_ldap
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 May 2003 19:54:49 -0000

Ruslan Ermilov <ru@FreeBSD.org> writes:
> Works for the generic case, but not for this particular example.
> Just run "shutdown -k now" locally, and watch how funny the login
> session looks.  I don't think we're leaking something here.  ;)
> Hm, or maybe this is just the problem with pam_nologin(8) not
> respecting the "no_warn" option?

hmm

I think you're right - in the nologin case, information leak isn't an
issue.  We should change it to requisite.  I need to go through the
policies and change "sufficient" to "binding" anyway, so I'll take
care of it once the freeze lifts.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org