Configure by default to fail, quickly, requests for supplemental group information for "root", "ldap", and assorted other users as whom services run. This patch will never be pretty. I will never be free. --- pam_ldap-180/ldap.conf 2005-08-17 18:35:13.000000000 -0400 +++ pam_ldap-180/ldap.conf 2006-02-09 14:14:05.000000000 -0500 @@ -177,6 +177,9 @@ #nss_base_aliases ou=Aliases,dc=padl,dc=com?one #nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one +# Just assume that there are no supplemental groups for these named users +nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm + # attribute/objectclass mapping # Syntax: #nss_map_attribute rfc2307attribute mapped_attribute
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
media
>
main-src
>
by-pkgid
>
f2c9a24e570f82c24fd7074143d03478
>
files
>
37
