On Mon, Jul 15, 2013, at 14:19, Jan Bramkamp wrote: > > More than that. In my opinion it should be updated by replacing nss_ldap > and pam_ldap with nss-pam-ldapd which splits the job of both into a > shared daemon talking to the LDAP server and small stubs linked into the > NSS / PAM using process talking to the local daemon. This allows useable > timeout handling and client certificates with save permissions. >
And if the daemon ever crashes, we can't login to our customer servers (assuming they nuked our local account because they have root access). That's the one issue I have with that daemon and why we haven't migrated to it. We should re-evaluate it, though. _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
