
Re: Help with Linux ACL issue for authentication (read vs. auth access to userPassword)



Fri, 2002-12-13 at 15:24, Victor Danilchenko wrote:

> I set up an OpenLDAP server for authentication, straight by the
> book. Everything works fine with Linux clients, except that the Linux
> clients require the "access to attr=userPassword by * read", while it
> should in theory be "access to attr=userPassword by * auth" (the
> auth-only access works fine for OS/X clients, BTW). From reading the
> list archives, I gather that the problem is with the system-auth,
> specifically perhaps with the pam_unix; but I still can't figure out the
> concrete solution. I set up the client LDAP authentication with
> "authconfig" on my RHL 8.0 box.

For my part, at no place in my ACLs, for any clients whatsoever, do I
have access to userPassword by anonymous read. This would be ridiculous.
Always by anonymous auth.

Linux clients do *not* require the "access to attr=userPassword by *
read". There is nothing specific that defines "a Linux client." What is
that Linux client? Is it a Java client, a c/c++ client or a web-based
Pear/PHP4 client?

If you mean Linux PAM, then the Linux pam_ldap libraries take care of
this.

Best,

Tony

-- 

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-mail:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
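
An added example, not part of the original thread: a small audit that reads slapd.conf-style ACL text and reports any clause giving `*` or `anonymous` more than `auth` on userPassword, which is the distinction discussed above. The function names and both sample configurations are constructed for illustration; it assumes explicit `attr=`/`attrs=` targets and a one-token `<who>` in each `by` clause.

```python
import re
import shlex

# slapd access levels, lowest to highest (see slapd.access(5)).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
BROAD_WHO = {"*", "anonymous"}  # subjects that include unauthenticated clients

# Constructed sample configurations, not taken from the thread.
WEAK = "access to attr=userPassword\n\tby * read\n"
HARDENED = ("access to attr=userPassword\n\tby self write\n"
            "\tby anonymous auth\n\tby * none\n"
            "access to *\n\tby * read\n")

def logical_lines(text):
    """Drop comments/blank lines and join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit_userpassword(text):
    """Return (who, level) pairs granting more than auth on userPassword."""
    findings = []
    for line in logical_lines(text):
        tokens = shlex.split(line)
        if [t.lower() for t in tokens[:2]] != ["access", "to"]:
            continue
        by_at = tokens.index("by") if "by" in tokens else len(tokens)
        what, clauses = tokens[2:by_at], tokens[by_at:]
        attrs = {a.lower() for t in what if re.match(r"attrs?=", t, re.I)
                 for a in t.split("=", 1)[1].split(",")}
        if "userpassword" not in attrs:
            continue
        # Assumption: each clause is "by <who> <level>" with a one-token <who>.
        for i, tok in enumerate(clauses[:-2]):
            if tok != "by":
                continue
            who, level = clauses[i + 1], clauses[i + 2].lower()
            if (who in BROAD_WHO and level in LEVELS
                    and LEVELS.index(level) > LEVELS.index("auth")):
                findings.append((who, level))
    return findings

if __name__ == "__main__":
    print(audit_userpassword(WEAK), audit_userpassword(HARDENED))
```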