problems with gnome-screensaver-dialog and ldap

Andreas Bernauer fedora at lysium.de
Fri May 25 06:09:42 UTC 2007


Eric Doutreleau wrote on Thu, May 24 2007 at 22:16 (+0200):
> Our users lock their screen and when they come back they can't log in again.
> 
> Indeed, we have set the file /etc/ldap.conf to be owned by root and
> readable only by root, as we don't want anybody to be able to see the
> password and the account used for binding.
> 
> It works quite well for gdm, as gdm is run by root,
> but gnome-screensaver-dialog, which reads the password, is run by the user.
> 
> I got the following message in the logs:
> 
> May 24 15:16:41 jamaique gnome-screensaver-dialog: pam_ldap: missing file "/etc/ldap.conf"
> 
> Is there a way to nicely solve the problem?
> 

Given this statement from ldap.conf(5):

       Users may create an optional configuration file, ldaprc or
       .ldaprc, in their home directory which will be used to override
       the system-wide defaults file.  The file ldaprc in the current
       working directory is also used.

Setting /etc/ldap.conf readable by root only seems overly strict to
me.  Any reasons besides paranoia?

Andreas.

-- 
http://www.lysium.de/blog