In message <[EMAIL PROTECTED]>
so spake "Rogier Krieger" (rkrieger):
> Is there a way to open up login.conf without divulging the bindpw?
> Reading the login_ldap and login.conf man pages, I did not find any.
>
> So far, I see two possible remedies: [1] patching login_ldap to obtain
> sensitive data in a similar way as login_radius does from /etc/raddb
> or [2] make /etc/login.conf readable to the 'auth' group, as both lock
> and skeyinit have their SGID bits set.
>
> Since [2] is less intrusive, I am inclined to take that route. Are
> there any setbacks to expect? Other suggestions are more than welcome,
> of course.
I would suggest you go with [2]. There shouldn't be any real
downside.
- todd
