[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: getpeercred() on the Hurd

At Wed, 18 Jun 2008 12:20:10 +0200 (CEST),
Arthur de Jong wrote:
> > One question you should consider is: why do you need this information?
> [...]
> I agree with your point in general and think there are better ways to 
> do access control.
> nss-ldapd is an NSS module that does lookups in an LDAP database. The NSS 
> module does not do the lookup itself (this causes a lot of headaches) but 
> offloads it to a deamon (nslcd). Most NSS calls should be no problem but 
> shadow calls pose an exception to that. The server (nslcd) will only 
> return shadow information if it can determine that the caller runs as 
> root.
> So I would like to keep one socket for all requests and not mess with 
> permissions of sockets.

Sounds broken.  Good luck.

Reply to: