Eric Doutreleau wrote on Thu, May 24 2007 at 22:16 (+0200):
> Our users lock their screen and when they come back they can't log in again.
>
> Indeed, we have made the file /etc/ldap.conf owned by root and readable
> only by root, as we don't want anybody to be able to see the password and
> the account for binding.
>
> It works quite well for gdm, as gdm is run by root,
> but the gnome-screensaver-dialog, which reads the password, is run by the user.
>
> I got the following messages in the logs:
>
> May 24 15:16:41 jamaique gnome-screensaver-dialog: pam_ldap: missing file "/etc/ldap.conf"
>
> Is there a way to nicely solve the problem?
>

Given the statement from ldap.conf(5):

  Users may create an optional configuration file, ldaprc or .ldaprc, in
  their home directory which will be used to override the system-wide
  defaults file. The file ldaprc in the current working directory is
  also used.

Setting /etc/ldap.conf readable by root only seems overly strict to me.
Any reasons besides paranoia?

Andreas.
-- 
http://www.lysium.de/blog
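Added example, not part of the original messages: a small Python check of the two outcomes discussed in this thread, a root-only file that a PAM client running as the user cannot read, and a user-readable file that exposes the bind password. It assumes the credentials are stored under the `binddn`/`bindpw` keywords; the sample configuration, UIDs, GIDs and result labels are constructed for illustration.

```python
import stat

# Constructed sample of a pam_ldap-style /etc/ldap.conf with bind credentials.
SAMPLE_CONF = """\
# constructed example, not a real directory
host ldap.example.org
base dc=example,dc=org
binddn cn=proxy,dc=example,dc=org
bindpw not-a-real-secret
"""


def can_read(mode, owner_uid, owner_gid, uid, gids=()):
    """Classic Unix read check; ACLs and capabilities are ignored."""
    if uid == 0:
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def holds_bind_password(conf_text):
    """True if an uncommented 'bindpw <value>' line is present (assumed keyword)."""
    for line in conf_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].lower() == "bindpw":
            return True
    return False


def audit(conf_text, mode, owner_uid, owner_gid, uid, gids=()):
    """Classify the config as seen by a process running as uid.

    'pam-breaks'     : the process cannot read the file, so a PAM module
                       loaded into it fails (the screensaver case above).
    'secret-exposed' : a non-root account can read a stored bind password.
    'ok'             : readable, and no secret leaks to a non-root account.
    """
    if not can_read(mode, owner_uid, owner_gid, uid, gids):
        return "pam-breaks"
    if uid != 0 and holds_bind_password(conf_text):
        return "secret-exposed"
    return "ok"


if __name__ == "__main__":
    for mode in (0o600, 0o644):
        # uid 1000 stands in for the desktop user running the screensaver dialog
        print(oct(mode), audit(SAMPLE_CONF, mode, 0, 0, 1000, (1000,)))
```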