Dear list... someone (curse you, Matthijs) motivated me to dump NIS in favor of LDAP for user accounts on my small home net. Good thing I did it during my vacation because it's not as trivial as I hoped.
I'm unhappy with the outcome of the bug #298148 (kdebase-bin: kcheckpass needs setuid bit for ldap authentication). When using libnss-ldap and libpam-ldap (optionally) people who lock their screen in KDE will not be able to unlock the screen and may (like me) lose data because they finally give up and Ctrl+Alt+Backspace. :(

It turned out that unlocking the screen currently only works if the /usr/bin/kcheckpass binary is made setuid root. I don't like to just reopen that bug but IMO users should be made aware of that problem. There are several possible ways:

- generally setting it setuid root by default (security risk but a solution without user interaction)
- a debconf question of kdebase-bin setting the binary setuid root (does not help if KDE is installed and users later decide to use LDAP because the question doesn't get asked)
- a debconf warning in libnss-ldap (a good place IMO although it's not the fault of libnss-ldap)
- doing nothing (current state) (wastes users' time and may eventually make them give up with LDAP or KDE)

This problem shouldn't be too uncommon because KDE and LDAP sounds to me like it could be an organisation's standard desktop client.

By the way: having "nscd" installed gives different error messages but the problem is the same.

Cheers
 Christoph
-- 
~
~
".signature" [Modified] 1 line --100%-- 1,48 All
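The combination described in the mail above (LDAP listed as a source for accounts, kcheckpass not setuid root) can be detected before a user locks the screen. The script below is an added example, not part of the original mail or of any Debian package; the function names and status strings are made up for illustration, and it assumes GNU `stat` and an nsswitch.conf-style file passed as an argument.

```shell
#!/bin/sh
# Added example. Paths are arguments so the check can run against copies;
# on a real system they would be /etc/nsswitch.conf and /usr/bin/kcheckpass.

# uses_ldap FILE: true if the passwd or shadow database lists the "ldap" source.
uses_ldap() {
    awk '{ sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, split "db:source"
         $1 == "passwd:" || $1 == "shadow:" {
             for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1
         }
         END { exit !found }' "$1" 2>/dev/null
}

# is_setuid_root FILE: true if FILE has the setuid bit and is owned by uid 0.
is_setuid_root() {
    [ -u "$1" ] && [ "$(stat -c %u "$1" 2>/dev/null)" = "0" ]
}

# unlock_status NSSWITCH BINARY: print one of
#   ok-no-ldap | ok-setuid-root | unlock-will-fail
unlock_status() {
    if ! uses_ldap "$1"; then
        echo ok-no-ldap
    elif is_setuid_root "$2"; then
        echo ok-setuid-root
    else
        echo unlock-will-fail
    fi
}

# Demo on constructed sample files (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    printf 'passwd: files ldap\nshadow: files ldap\ngroup: files\n' > "$d/nsswitch.conf"
    : > "$d/kcheckpass"; chmod 0755 "$d/kcheckpass"   # stand-in binary, no setuid bit
    unlock_status "$d/nsswitch.conf" "$d/kcheckpass"
    rm -rf "$d"
}
demo
```

If the mode of the binary is changed locally, `dpkg-statoverride` is the Debian mechanism for keeping that mode across package upgrades.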