Date: Fri, 23 May 2003 09:08:46 +0300 From: Ruslan Ermilov <ru@freebsd.org> To: Dag-Erling Smorgrav <des@ofug.org> Cc: Frank Bonnet <bonnetf@bart.esiee.fr> Subject: Re: 5.1 beta2 still in trouble with pam_ldap Message-ID: <20030523060846.GC17107@sunbay.com> In-Reply-To: <xzpof1uy28n.fsf@flood.ping.uio.no> References: <20030522184631.A23366@bart.esiee.fr> <xzp65o2zkhf.fsf@flood.ping.uio.no> <20030522224850.GK87863@roark.gnf.org> <xzpof1uy28n.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
--/e2eDi0V/xtL+Mc8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, May 23, 2003 at 01:45:44AM +0200, Dag-Erling Smorgrav wrote: > Gordon Tetlow <gordont@gnf.org> writes: > > Do you think it might be a good idea to turn all the pam configuration > > files to list actual providers at sufficient followed by a pam_deny: >=20 > No. I'd rather replace "sufficient" with "binding" where appropriate. >=20 > > > Solaris introduced the "binding" flag to try to alleviate this > > > problem. OpenPAM supports "binding", but does not document it > > > anywhere. > > I'm unfamiliar with this option. What's it do? >=20 > It behaves like "sufficient" should, i.e. failure is not ignored. >=20 You mean, _last_ failure is not ignored? --=20 Ruslan Ermilov Sysadmin and DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age --/e2eDi0V/xtL+Mc8 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+zbruUkv4P6juNwoRAoAjAKCKhqwcWp7G6sOI2mVhTfEz6gQOYACfVtbi fCn/qNJL5dh7KZ46EhDQ8eI= =1Glf -----END PGP SIGNATURE----- --/e2eDi0V/xtL+Mc8--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030523060846.GC17107>