Package: libpam-ldap Version: 180-1.7 Followup-For: Bug #252400 the problem reported is a design issue in the passwd access system: /etc/shadow is not world readable, so in pam_unix (when called as a normal user process) a helper process (which is setgid shadow) is used to check the passwd.
pam_ldap contains nothing like this, and I don't know if the helper process approach is the agreed way of the developers to go in the future. Intermediate workaround (not satisfying from a security standpoint): Allow the anonymous user to search your ldap accounts for the uid attribute and returning the dn attribute is enough for xsreensaver, as the passwd checking itself is done via a bind ldap call. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-amd64 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages libpam-ldap depends on: ii debconf [debconf-2.0] 1.5.11etch1 Debian configuration management sy ii libc6 2.3.6.ds1-13etch4 GNU C Library: Shared libraries ii libldap2 2.1.30-13.3 OpenLDAP libraries ii libpam0g 0.79-5 Pluggable Authentication Modules l libpam-ldap recommends no packages. -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
