why use pam_ldap in the session service?
One of our RHEL3 servers started segfaulting when using su; it turns
out it was because of the line
session optional /lib/security/$ISA/pam_ldap.so
in /etc/pam.d/system-auth, which Red Hat’s authconfig places there
by default.
So I tried to google for what session is for, and why you’d want to put pam_ldap in there, and came up with very little: this page from 2001 gave some hints but didn’t actually tell me what pam_ldap does for the session. Everywhere else on the internet just says “Oh add this line to your pam config.” No-one seems to know why.
So, for the meantime, it’s commented out, and things look like they’re working.
But I’m still curious; why does every PAM+LDAP guide say to do this?