* Damyan Ivanov ([EMAIL PROTECTED]) wrote:
> Stephen Frost -- 3.10.2006 22:31 --:
> > It needs to be 600 if you want tight control on your LDAP directory such
> > that everyone has to connect using a password and you don't want that
> > password available to everyone. libnss-ldap.conf w/ mode 600 and nscd
> > works quite well for this.
>
> Ah, I see. You're talking about bindpw setting (I was talking about
> rootpw).

rootpw is only for when you're doing NSS calls *as root*. If you're
doing NSS calls as root then you've got access to the appropriate files
already (which is why it makes sense to have a separate file for that
which is only available to root).

> Can bindpw be also moved to separate file? This would make fiddling
> with libnss-ldap.conf permissions unnecessary and as far as I can see
> would work for everybody.

I don't see the point in moving it to another file. Either you're
running nscd and it doesn't matter what libnss-ldap.conf looks like, or
you're not and therefore bindpw must be available to everyone. At most
you've moved the permission issue from libnss-ldap.conf to whatever the
new file is.

Enjoy,
Stephen
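The trade-off described in this message, as an added example that is not part of the original e-mail: a shell audit that reports whether a libnss-ldap.conf carrying bindpw is world-readable and, if it is restricted, whether nscd is there to do the lookups. The verdict wording, the use of pgrep to detect nscd, and the sample config are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audits the bindpw permission trade-off from the thread.
# Assumptions: verdict wording, pgrep for nscd detection, constructed sample data.

# Succeeds if FILE has an active (uncommented) bindpw line.
has_bindpw() {
    grep -Eq '^[[:space:]]*bindpw[[:space:]]+[^[:space:]]' "$1"
}

# Succeeds if "other" has read permission on FILE (8th char of the ls mode string).
world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# Prints "yes" if an nscd process exists, else "no".
nscd_running() {
    if pgrep -x nscd >/dev/null 2>&1; then echo yes; else echo no; fi
}

# audit_conf FILE NSCD(yes|no): print one verdict line.
audit_conf() {
    if ! has_bindpw "$1"; then
        echo "OK: no bindpw in file"
    elif world_readable "$1"; then
        echo "EXPOSED: bindpw readable by all local users"
    elif [ "$2" = yes ]; then
        echo "OK: bindpw restricted, nscd does the lookups"
    else
        echo "BROKEN: bindpw restricted, no nscd, non-root lookups cannot read it"
    fi
}

# Demo on a constructed config (not a real password): both modes, both nscd states.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'base dc=example,dc=org' 'binddn cn=nss,dc=example,dc=org' \
        'bindpw constructed-secret' > "$tmp/libnss-ldap.conf"
    for mode in 644 600; do
        chmod "$mode" "$tmp/libnss-ldap.conf"
        for nscd in yes no; do
            echo "mode=$mode nscd=$nscd -> $(audit_conf "$tmp/libnss-ldap.conf" "$nscd")"
        done
    done
    rm -rf "$tmp"
}

# With a path argument, audit that file against the live nscd state; otherwise run the demo.
if [ $# -gt 0 ]; then audit_conf "$1" "$(nscd_running)"; else demo; fi
```
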

