Bug#580037: libpam-ccreds: Should not cache the root password

2010-05-13 Thread Petter Reinholdtsen
[Guido Günther] > Attached patches (based on what libpam-krb5 does) add a minimum_uid > option. That should indeed solve the issue I've had with enabling > pam-auth-update by default. Could you spin a test in your > environment? Tested, and seems to work fine. :) Thank you. :) Happy hacking, --

Bug#580037: libpam-ccreds: Should not cache the root password

2010-05-13 Thread Guido Günther
Hi Petter, On Mon, May 03, 2010 at 11:57:05AM +0200, Petter Reinholdtsen wrote: > > Package: libpam-ccreds > Version: 10-2 > > With LDAP + ccreds set up on a laptop, I just discovered that cc_dump > reports that the root password is also cached. I believe this is a > waste (and a minor security i

Bug#580037: libpam-ccreds: Should not cache the root password

2010-05-04 Thread Guido Günther
On Tue, May 04, 2010 at 11:23:16PM +0200, Petter Reinholdtsen wrote: > [Guido Günther] > > should do the trick. The "sufficient pam_unix.so" makes sure you don't > > proceed to storing the password. > > Right. I believe that is not going to work for the setup I am looking > at, because pam_group

Bug#580037: libpam-ccreds: Should not cache the root password

2010-05-04 Thread Petter Reinholdtsen
[Guido Günther] > should do the trick. The "sufficient pam_unix.so" makes sure you don't > proceed to storing the password. Right. I believe that is not going to work for the setup I am looking at, because pam_group is needed and it is inserted as an Additional entry leading to this configuration

Bug#580037: libpam-ccreds: Should not cache the root password

2010-05-04 Thread Guido Günther
Hi Petter, On Tue, May 04, 2010 at 09:17:42AM +0200, Petter Reinholdtsen wrote: > [Guido Günther] > > You're falling through to pam_ldap if auth fails. See the pam.conf > > example in the libpam-ccreds package on how to prevent this. You only > > proceed for unknown_user not for other auth failures.

Bug#580037: libpam-ccreds: Should not cache the root password

2010-05-04 Thread Petter Reinholdtsen
[Guido Günther] > You're falling through to pam_ldap if auth fails. See the pam.conf > example in the libpam-ccreds package on how to prevent this. You only > proceed for unknown_user not for other auth failures. I do not know pam configuration well enough to understand what you mean, and I am unab

Bug#580037: libpam-ccreds: Should not cache the root password

2010-05-03 Thread Guido Günther
Hi Petter, On Mon, May 03, 2010 at 06:45:44PM +0200, Petter Reinholdtsen wrote: > Independent of how the pam setup should be, I believe it would be > useful to be able to restrict the range of uids handled by ccreds. :) > > [Guido Günther] > > That's a matter of your pam configuration. libpam-ccr

Bug#580037: libpam-ccreds: Should not cache the root password

2010-05-03 Thread Petter Reinholdtsen
Independent of how the pam setup should be, I believe it would be useful to be able to restrict the range of uids handled by ccreds. :) [Guido Günther] > That's a matter of your pam configuration. libpam-ccreds shouldn't > act on pam_unix at all but only on pam_ldap/Kerberos. If your > configurat

Bug#580037: libpam-ccreds: Should not cache the root password

2010-05-03 Thread Guido Günther
On Mon, May 03, 2010 at 11:57:05AM +0200, Petter Reinholdtsen wrote: > > Package: libpam-ccreds > Version: 10-2 > > With LDAP + ccreds set up on a laptop, I just discovered that cc_dump > reports that the root password is also cached. I believe this is a > waste (and a minor security issue), as t

Bug#580037: libpam-ccreds: Should not cache the root password

2010-05-03 Thread Petter Reinholdtsen
Package: libpam-ccreds Version: 10-2 With LDAP + ccreds set up on a laptop, I just discovered that cc_dump reports that the root password is also cached. I believe this is a waste (and a minor security issue), as the root password already is stored in /etc/shadow. Can libpam-ccreds be changed to