[Arthur de Jong] > The only real usecase of having this option (as far as I know) would be > to expose password hashes through passwd and/or shadow lookups for > authentication. Using PAM is a much better way to do authentication > because you don't have to expose the password hashes at all and can use > any hash supported by the LDAP server.
I am not sure if that is the use case for it. The use case I know about is to get passwd passowrd changing working for the root user. For that to work, one also need to store the ldap admin password in clear text on the disk, so I never use it. The use case I care about for this bug report is that it should be possible to switch from libnss-ldap to libnss-ldapd without having to modify the configuration file manually, even if the rootbinddn was set in the configuration file for libnss-ldap. Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
