https://bugzilla.redhat.com/show_bug.cgi?id=753027
--- Comment #11 from Florian Weimer fweimer@redhat.com --- (In reply to Mathieu Bridon from comment #9)
(In reply to Florian Weimer from comment #8)
I don't think libpq (the PostgreSQL client library) is designed to be used in a SUID process, so this PAM module is likely not entirely safe to use as the system default.
Do you mean you wouldn't recommend to introduce this package in Fedora at all?
Yes, the implementation needs to be split into a in-process stub and a separate daemon, like nss-pam-ldapd.
(I still didn't have time to resolve the selinux issues mentioned in comment 3, which might be an additional concern)
That would also help to address the SELinux issue.