Re: getpeercred() on the Hurd
At Wed, 18 Jun 2008 12:20:10 +0200 (CEST),
Arthur de Jong wrote:
> > One question you should consider is: why do you need this information?
> [...]
>
> I agree with your point in general and think there are better ways to
> do access control.
>
> nss-ldapd is an NSS module that does lookups in an LDAP database. The NSS
> module does not do the lookup itself (this causes a lot of headaches) but
> offloads it to a deamon (nslcd). Most NSS calls should be no problem but
> shadow calls pose an exception to that. The server (nslcd) will only
> return shadow information if it can determine that the caller runs as
> root.
>
> So I would like to keep one socket for all requests and not mess with
> permissions of sockets.
Sounds broken. Good luck.
Reply to: