[CentOS] Re: pam_ldap + nscd
craigwhite at azapple.com
Mon Oct 8 01:37:28 UTC 2007
On Sun, 2007-10-07 at 12:23 +0200, Felix Schwarz wrote:
> Steve Rigler schrieb:
> > It has a lot to do with user root if you use rootbinddn in
> > "/etc/ldap.conf" and put the password into "/etc/ldap.secret" which
> > should only be readable by root.
> You are right but I even set the permissions on ldap.secret to 0644 to be sure
> that there are no acl problems. I expected that nscd would use rootbinddn if
> ldap.secret was readable for the user "nscd".
> PS: This was on a test machine, I won't ever make ldap.secret world readable in
> a production environment.
Why would nscd need to bind on it's own to ldap? Perhaps it's because I
don't normally use nscd but I can't see any reason for it to do so.
Either a user or service binds to LDAP with it's own credentials or it
fails and nscd shouldn't need it's own set of credentials. Perhaps
someone can tech me something here.
More information about the CentOS