FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 04-21-2008, 07:30 PM
"Juan Asensio Sánchez"
 
Default LDAP admin password configuring libnss-ldap and libpam-ldap

Hi

I have setup a server with LDAP and Samba. Now i want to LDAP hosts
authenticate with the LDAP server too, so i have installed in each
host libnss-ldap, libpam-ldap and nscd. Everything works fine, but I
don't know why these packages need the ldap admin password. Although
the ldap.secret file is not world readable, i don't want the users
could see it with sudo. And what would happen if i change the ldap
admin password? Do I have to change it in every host?

NB: I have configured libnss-ldap without the needing of the
passwords, but I couldn't configure libpam-ldap to not use it.

Thanks in advance.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-21-2008, 08:35 PM
Alex Samad
 
Default LDAP admin password configuring libnss-ldap and libpam-ldap

On Mon, Apr 21, 2008 at 09:30:41PM +0200, Juan Asensio Sánchez wrote:
> Hi
>
> I have setup a server with LDAP and Samba. Now i want to LDAP hosts
> authenticate with the LDAP server too, so i have installed in each
> host libnss-ldap, libpam-ldap and nscd. Everything works fine, but I
> don't know why these packages need the ldap admin password. Although
> the ldap.secret file is not world readable, i don't want the users
> could see it with sudo. And what would happen if i change the ldap
> admin password? Do I have to change it in every host?

it is only used to simulate root access to accounts

can I also suggest looking at libnss-ldapd instead off libnss-ldap,
I have experienced some group resolution errors with the later,
especially with the recent move to gnutls away from openssl


>
> NB: I have configured libnss-ldap without the needing of the
> passwords, but I couldn't configure libpam-ldap to not use it.
>
> Thanks in advance.
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>

--
"I think --tide turning --see, as I remember --I was raised in the desert, but tides kind of --it's easy to see a tide turn --did I say those words?"

- George W. Bush
06/14/2006
Washington, DC
in response to the question "Is the tide turning in Iraq?"
 
Old 04-21-2008, 08:43 PM
"Predrag Gavrilovic"
 
Default LDAP admin password configuring libnss-ldap and libpam-ldap

It is needed for actions where local user is root, so local root
could, if necessary change users passwords in LDAP.
If that is not desirable, you do not have to use it. You can put same
name/password that you have put for ordinary lookups.


On Mon, Apr 21, 2008 at 9:30 PM, Juan Asensio Sánchez <okelet@gmail.com> wrote:
> Hi
>
> I have setup a server with LDAP and Samba. Now i want to LDAP hosts
> authenticate with the LDAP server too, so i have installed in each
> host libnss-ldap, libpam-ldap and nscd. Everything works fine, but I
> don't know why these packages need the ldap admin password. Although
> the ldap.secret file is not world readable, i don't want the users
> could see it with sudo. And what would happen if i change the ldap
> admin password? Do I have to change it in every host?
>
> NB: I have configured libnss-ldap without the needing of the
> passwords, but I couldn't configure libpam-ldap to not use it.
>
> Thanks in advance.
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
 

Thread Tools




All times are GMT. The time now is 11:21 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org