> Yes, this is intentional;
> nss_ldap and pam_ldap provide the same base options,
> and their specific options are prefixed with nss_ and pam_ respectively.

Yes, I'm aware of this. But I think then pkgsrc should provide a template
ldap.conf that contains all the nss_ AND pam_ options.
And the MESSAGE should point out that updating from a former version needs
updating the config file.

> I guess the author's idea was to integrate with OpenLDAP's ldap.conf,
> but our (pkgsrc) OpenLDAP installs ldap.conf in etc/openldap.
> The benefit of this approach is, for example: when your server's
> parameters have changed, you have only to edit one configuration file.

Yes, I agree this is a benefit. But the drawbacks are:

1. updating can leave your machine in a state where you have to go single-user
   in order to regain access (because PAM fails and/or NSS doesn't know you).
2. every user using both pam_ldap and nss_ldap has to merge the two example
   configs into one.

The first point can be addressed with a MESSAGE file.
While the second is clearly the upstream author's responsibility, I think it
should nevertheless be patch-fixed in pkgsrc.