password change does not work: LDAP, sssd, nss or pam error?
Gordon Messmer
yinyang at eburg.com
Sat Oct 9 17:58:10 UTC 2010
On 10/09/2010 05:23 AM, Craig White wrote:
> access to *
> by anonymous auth
> by self write
> by * read
Just in case someone comes across this in the archives and doesn't read
the entire thread:
NEVER ALLOW "access to * by self write". NEVER!
If you allow DNs to write to their own attributes, your users can change
their uidNumber to 0 and become root.
More information about the users
mailing list