Re: Query about authinfo_unavail and user_unknown behaviour
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: Query about authinfo_unavail and user_unknown behaviour
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Query about authinfo_unavail and user_unknown behaviour
- Date: Sun, 28 Sep 2014 18:10:43 +0200
On Wed, 2014-08-27 at 19:19 +0200, Berend De Schouwer wrote:
> I'm running nss-pam-ldapd against an OpenLDAP server, and I've
> encountered some unexpected behaviour. I'd like to know if this is
> as designed, or not.
>
> Expected behaviour:
>
> - nslcd down => authinfo_unavailable
> - nslcd up, ldap down => authinfo_unavailable
> - nslcd up, ldap up, record not found => user_unknown
> - nslcd up, ldap up, record found => test password
>
> Actual behaviour:
>
> - nslcd down => authinfo_unavailable
> - nslcd up, ldap down => user_unknown
> - nslcd up, ldap up, record not found => user_unknown
> - nslcd up, ldap up, record found => test password
The expected behaviour is indeed cleaner and should be the case ever
since 0.8.3. I just did some testing with 0.9.4 and pam_ldap should
return PAM_AUTHINFO_UNAVAIL if nslcd is up but the LDAP server is
unavailable (at least for auth).
The relevant change that was done is here:
http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=9798073e767026ae86e32022e9995a008a688f7e
--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org/ --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
