lists.arthurdejong.org
RSS feed

Re: non-local (LDAP) users can log in without auth???

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: non-local (LDAP) users can log in without auth???



Thanks for that Arthur!
I took a shortcut to test this by installing the Ubuntu 11.04 packages (v0.7.13) on my Ubuntu 10.10 VM. Using a configuration per my original post it *just works*. GDM and su attempts with no password now fail!

I'll raise the issue with Ubuntu, but I thought I'd report the initial success.
Cheers,
Greg




There seem to be some LDAP servers that silently fall back to anonymous
bind when logging in without a password. For this purpose in release
0.7.7 the nullok PAM option was introduced.

It may be a good idea to raise an issue in Ubuntu for this and try to
get this fixed there. Attached is a patch against 0.7.6 for the relevant
changes that landed in 0.7.7.

--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users