On Thu, 17 Dec 2009, Devin Reade wrote:
> If you're going to be doing LDAP-based authentication on the server that is running the LDAP server, watch out for this bug, which has been around since at least FC5. It's still a problem as of FC10: https://bugzilla.redhat.com/show_bug.cgi?id=182464
I disagree that this is a bug. It's not a problem if you configure ldap.conf properly. For example, using
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus
Actually, if this is in a business setting, and esp. if they're in server rooms, turn *off* avahi-daemon, and fix iptables so that there's no hole for it.
mark
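
The nss_initgroups_ignoreusers line suggested above names accounts for which nss_ldap's initgroups lookup does not consult LDAP. As an added example (not part of the original thread), this script compares that list against the local system accounts in a passwd file and reports the ones it does not cover; the sample file contents, the UID cutoff of 499 and the function names are assumptions made for illustration.

```python
# Added example: constructed sample inputs, not taken from the thread.
SAMPLE_LDAP_CONF = """\
# constructed /etc/ldap.conf
uri ldap://127.0.0.1/
base dc=example,dc=com
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus
"""

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
dbus:x:81:81:System message bus:/:/sbin/nologin
ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false
named:x:25:25:Named:/var/named:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
"""

def ignored_users(ldap_conf_text):
    """Return the users named by nss_initgroups_ignoreusers.

    Assumption: if the option appears more than once, only the last
    occurrence is counted, so the report errs towards listing more accounts.
    """
    users = set()
    for raw in ldap_conf_text.splitlines():
        fields = raw.strip().split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if fields[0] == "nss_initgroups_ignoreusers":
            value = fields[1] if len(fields) == 2 else ""
            users = {u.strip() for u in value.split(",") if u.strip()}
    return users

def local_system_accounts(passwd_text, uid_max=499):
    """Return names from passwd whose UID is <= uid_max (assumed cutoff)."""
    names = set()
    for raw in passwd_text.splitlines():
        fields = raw.split(":")
        if len(fields) < 7 or raw.startswith("#"):
            continue  # malformed line or comment
        if fields[2].isdigit() and int(fields[2]) <= uid_max:
            names.add(fields[0])
    return names

def uncovered_accounts(ldap_conf_text, passwd_text, uid_max=499):
    """System accounts that the ignore list does not mention."""
    return sorted(local_system_accounts(passwd_text, uid_max)
                  - ignored_users(ldap_conf_text))
```

To check a real host, pass the contents of its ldap.conf and /etc/passwd to uncovered_accounts() and adjust uid_max to the distribution's system-account range.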