On 02/20/2013 12:21 AM, David Walser wrote:
> David Walser <luigiwalser@...> writes:
>> Thierry Vignaud <thierry.vignaud@...> writes:
>>> good luck with nslcd (if you use TLS you'll have to tell SELinux about it),
>> Even if you don't use SELinux?
>>> I advise you to use sssd, it just works directly, one single config file to write for
>>> both PAM & NSS...
>> Is that not the case for nss-pam-ldapd? I haven't investigated them yet.
>> I did find out that there are some security bugs in sssd though (fixed upstream):
>> https://bugs.mageia.org/show_bug.cgi?id=9027
> Incidentally there's a security bug in nss-pam-ldapd too:
> https://bugs.mageia.org/show_bug.cgi?id=9113
> I'm not sure which of the three patches (two linked by upstream advisory, one
> used by Debian in their update) is the right one to fix it.
I think it is simpler to move to nss-pam-ldapd, especially if you want the
minimal changes to drax* tool that sets up LDAP authentication (if there
is any, I always did it by hand...):
- same changes needed in nsswitch.conf, insert (or keep) the 'ldap' entry
- syntax of nslcd.conf is similar to ldap.conf
- just need to enable the service in systemd
--
J.A. Magallon <jamagallon()ono!com> \ Winter is coming...