Re: getpeercred() on the Hurd

To: Arthur de Jong <adejong@debian.org>
Cc: debian-hurd@lists.debian.org
Subject: Re: getpeercred() on the Hurd
From: "Neal H. Walfield" <neal@walfield.org>
Date: Wed, 18 Jun 2008 12:41:48 +0200
Message-id: <[🔎] 87tzfrowib.wl%neal@walfield.org>
In-reply-to: <[🔎] Pine.LNX.4.62.0806181200440.15376@bobo.thuis.net>
References: <[🔎] 1213735756.3417.18.camel@sorbet.thuis.net> <[🔎] 87y753p2n4.wl%neal@walfield.org> <[🔎] Pine.LNX.4.62.0806181200440.15376@bobo.thuis.net>

At Wed, 18 Jun 2008 12:20:10 +0200 (CEST),
Arthur de Jong wrote:
> > One question you should consider is: why do you need this information?
> [...]
> 
> I agree with your point in general and think there are better ways to 
> do access control.
> 
> nss-ldapd is an NSS module that does lookups in an LDAP database. The NSS 
> module does not do the lookup itself (this causes a lot of headaches) but 
> offloads it to a deamon (nslcd). Most NSS calls should be no problem but 
> shadow calls pose an exception to that. The server (nslcd) will only 
> return shadow information if it can determine that the caller runs as 
> root.
> 
> So I would like to keep one socket for all requests and not mess with 
> permissions of sockets.

Sounds broken.  Good luck.

Reply to:

Follow-Ups:
- Re: getpeercred() on the Hurd
  - From: "Neal H. Walfield" <neal@walfield.org>

References:
- getpeercred() on the Hurd
  - From: Arthur de Jong <adejong@debian.org>
- Re: getpeercred() on the Hurd
  - From: "Neal H. Walfield" <neal@walfield.org>
- Re: getpeercred() on the Hurd
  - From: Arthur de Jong <adejong@debian.org>

Prev by Date: Re: getpeercred() on the Hurd
Next by Date: Re: getpeercred() on the Hurd
Previous by thread: Re: getpeercred() on the Hurd
Next by thread: Re: getpeercred() on the Hurd
Index(es):
- Date
- Thread