Re: pam_ldap and nss_ldap : checken and egg problem with "wheel"
Why not have /etc/group be authoritive for wheel (an thus have a list
of local superusers).
And use sudo with an ldap based group for everything else.
Ren矇
On Sat, 24 Sep 2011 14:03:32 +0200, Dag-Erling Sm繪rgrav wrote:
> Lev Serebryakov <lev@FreeBSD.org> writes:
>> Dag-Erling <des@des.no> writes:
>> > Did you try changing the priority in /etc/nsswitch.conf?
>> It gives very long boot time, as nss_ldap waits for answer from
>> non-started server, again and again, etc.
>
> The only solution I can think of is to try to figure out how to
> reduce
> or eliminate this delay, because the system is doing exactly what you
> asked it to, i.e. treating /etc/group as authoritative and using LDAP
> only for groups it can't find there.
>
> DES
--
Ren矇 de Vries
rene@canyon.xs4all.nl
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 4 之 8 篇):