also sprach Andy Parkins <andyp@leaseline.plus.com> [2004.10.30.1814 +0200]:
> * your PAM settings
PAM has nothing to do with the list of users in kdm. PAM only
authenticates. It cannot list.
> * nscd
I used that for a while but it's crap. Come over to debian-isp,
where nscd has been the topic of a thread for the past week.
> will make your problem go away. nscd acts as a nice
> root-priviliged buffer between getpwnam() calls and ldap. With
> nscd not running normal users are unable to do lookups ("getent
> passwd" will confirm), but once nscd is running everthing seems to
> be hunky dory.
nscd is not an option.
Instead, I would like KDM to use libnss properly, and not some
antiquated getgr* calls.
> auth sufficient pam_ldap.so
> auth required pam_unix.so try_first_pass
I'd use use_first_pass instead. Don't disclose information!
--
Please do not send copies of list mail to me; I read the list!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer, admin, user, and author
`. `'`
`- Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
Attachment:
signature.asc
Description: Digital signature