From owner-freebsd-current@FreeBSD.ORG Fri May 23 12:54:49 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9BEC637B401; Fri, 23 May 2003 12:54:49 -0700 (PDT) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id B514143F85; Fri, 23 May 2003 12:54:48 -0700 (PDT) (envelope-from des@ofug.org) Received: by flood.ping.uio.no (Postfix, from userid 2602) id 960BB530E; Fri, 23 May 2003 21:54:46 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Ruslan Ermilov References: <20030522184631.A23366@bart.esiee.fr> <20030522224850.GK87863@roark.gnf.org> <20030523060846.GC17107@sunbay.com> <20030523062848.GG17107@sunbay.com> <20030523193724.GA9240@sunbay.com> <20030523194909.GB11988@sunbay.com> From: Dag-Erling Smorgrav Date: Fri, 23 May 2003 21:54:45 +0200 In-Reply-To: <20030523194909.GB11988@sunbay.com> (Ruslan Ermilov's message of "Fri, 23 May 2003 22:49:09 +0300") Message-ID: User-Agent: Gnus/5.1001 (Gnus v5.10.1) Emacs/21.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: current@FreeBSD.org Subject: Re: 5.1 beta2 still in trouble with pam_ldap X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 May 2003 19:54:49 -0000 Ruslan Ermilov writes: > Works for the generic case, but not for this particular example. > Just run "shutdown -k now" locally, and watch how funny the login > session looks. I don't think we're leaking something here. ;) > Hm, or maybe this is just the problem with pam_nologin(8) not > respecting the "no_warn" option? hmm I think you're right - in the nologin case, information leak isn't an issue. We should change it to requisite. I need to go through the policies and change "sufficient" to "binding" anyway, so I'll take care of it once the freeze lifts. DES -- Dag-Erling Smorgrav - des@ofug.org