Re: non-local (LDAP) users can log in without auth???

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Greg Newton <gregster [at] uvic.ca>
To: nss-pam-ldap <nss-pam-ldapd-users [at] lists.arthurdejong.org>
Subject: Re: non-local (LDAP) users can log in without auth???
Date: Wed, 16 Feb 2011 13:43:45 -0800

Thanks for that Arthur!

I took a shortcut to test this by installing the Ubuntu 11.04 packages(v0.7.13) on my Ubuntu 10.10 VM. Using a configuration per my originalpost it *just works*. GDM and su attempts with no password now fail!

I'll raise the issue with Ubuntu, but I thought I'd report the initialsuccess.

Cheers,
Greg

There seem to be some LDAP servers that silently fall back to anonymous
bind when logging in without a password. For this purpose in release
0.7.7 the nullok PAM option was introduced.

It may be a good idea to raise an issue in Ubuntu for this and try to
get this fixed there. Attached is a patch against 0.7.6 for the relevant
changes that landed in 0.7.7.

--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users

non-local (LDAP) users can log in without auth???, Greg Newton
- Re: non-local (LDAP) users can log in without auth???, Arthur de Jong
  - Re: non-local (LDAP) users can log in without auth???, Greg Newton

Prev by Date: Re: Map limit to map base option
Next by Date: uid with ":" (colon) not a valid username ?
Previous by thread: Re: non-local (LDAP) users can log in without auth???
Next by thread: Dealing with disabled/expired user account authentication