wasabi at larvalstage.net
Wed Apr 5 18:02:35 BST 2006
If you're using pam_unix to handle LDAP, you probably have a pretty
badly secured configuration. Means you are exposing shadow passwords
into each hosts NSS shadow table.
Those passwords should never leave the LDAP server, and the only way to
do that is to use pam_ldap or pam_krb5.
On Wed, 2006-04-05 at 17:47 +0200, Andy Rabagliati wrote:
> On Wed, 05 Apr 2006, Matthew Palmer wrote:
> > On Wed, Apr 05, 2006 at 11:12:32AM +0200, Andy Rabagliati wrote:
> > > I notice that a fairly important service for me, and the edubuntu
> > > project, libnss_ldap is still in universe.
> > >
> > > Any chance of promoting it to main for dapper ?
> > https://wiki.ubuntu.com/UbuntuMainInclusionRequirements
> I have added it in. Two 'Recommends:' -
> libpam-ldap - currently in universe
> nscd - Name Service Cache Daemon - currently in universe
> I do not think libpam-ldap is important - pam_unix has handled ldap for
> a long time without help. nscd would be handy though - maybe I should
> add that as well ?
> Cheers, Andy!
More information about the ubuntu-devel