Package: libnss-ldap
Version: 238-1.1
Severity: important

If /etc/libnss-ldap.conf is only root-readable, and nscd is not running,
one can log in to the machine, but then uid matching is not performed,
leading to this kind of thing:

[EMAIL PROTECTED] ~]$ ssh esperanza
Password:
Linux Esperanza.r3z0 2.6.15-1-parisc64-smp #2 SMP Thu Jan 19 03:41:55
UTC 2006 parisc64
[I have no [EMAIL PROTECTED] ~]$ ssh tatooine
You don't exist, go away!
[I have no [EMAIL PROTECTED] ~]$ ls -ld .
drwxr-xr-x 12 1001 users 4096 Jan 29 23:22 .
[I have no [EMAIL PROTECTED] ~]$ whoami
whoami: cannot find name for user ID 1001

If libnss-ldap.conf is world readable, this problem disappears.

I noticed this as nscd won't start on this machine (I'll file a bug report
right away).

I cannot tell whether that's a "feature" or a "bug", but it does look
bogus anyway, and perhaps should be documented somewhere...

HTH

T-Bone

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: hppa (parisc64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-parisc64-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages libnss-ldap depends on:
ii  debconf                       1.4.69     Debian configuration management sy
ii  libc6                         2.3.5-12   GNU C Library: Shared libraries an
ii  libldap2                      2.1.30-12  OpenLDAP libraries

Versions of packages libnss-ldap recommends:
ii  libpam-ldap                  178-1sarge1 Pluggable Authentication Module al
ii  nscd                         2.3.5-12    GNU C Library: Name Service Cache 

-- debconf information:
* libnss-ldap/dblogin: false
  libnss-ldap/override: true
* shared/ldapns/base-dn: dc=r3z0
* shared/ldapns/ldap-server: 192.168.69.3
* libnss-ldap/confperm: false
* shared/ldapns/ldap_version: 3
  libnss-ldap/binddn: cn=proxyuser,dc=example,dc=net
* libnss-ldap/nsswitch:
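
A check for the condition described in this report, as an added example that is not part of the original message or of the libnss-ldap package: it classifies a config file by its permissions and by whether nscd is up. The function names, the verdict strings and the bindpw check are assumptions of this example; only the config path comes from the report.

```sh
#!/bin/sh
# Added example (not from the report or the package): classify the state
# described above. Function names and verdict strings are this example's own.
CONF=${CONF:-/etc/libnss-ldap.conf}   # path taken from the report

# True when the "other" read bit is set (8th character of the ls mode string).
world_readable() {
    [ "$(ls -ld -- "$1" | cut -c8)" = r ]
}

# True when an nscd process exists; it can then answer lookups on behalf of
# unprivileged processes that cannot read the config themselves.
nscd_running() {
    pgrep -x nscd >/dev/null 2>&1
}

# diagnose FILE NSCD_STATE   (NSCD_STATE is "up" or "down")
diagnose() {
    file=$1
    nscd=$2
    if [ ! -e "$file" ]; then
        echo missing
    elif world_readable "$file"; then
        # Any process can read the config and query LDAP itself, but a bind
        # password stored in the file is then readable by every local user.
        if grep -Eq '^[[:space:]]*bindpw[[:space:]]' "$file"; then
            echo exposes-bindpw
        else
            echo ok
        fi
    elif [ "$nscd" = up ]; then
        # Non-root lookups succeed only while nscd keeps running.
        echo nscd-dependent
    else
        # The reported state: whoami cannot find a name for the user ID.
        echo broken
    fi
}

if nscd_running; then state=up; else state=down; fi
echo "$CONF: $(diagnose "$CONF" "$state")"
```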

