One of our RHEL3 servers started segfaulting when using su; it turns
out it was because of the line
session optional /lib/security/$ISA/pam_ldap.so
in /etc/pam.d/system-auth, which Red Hat’s authconfig places there
by default.
So I tried to google for what session is for, and why you’d want to
put pam_ldap in there, and came up with very little: this page from
2001 gave some hints
but didn’t actually tell me what pam_ldap does for the session.
Everywhere else on the internet just says “Oh add this line to your
pam config.” No-one seems to know why.
So, for the meantime, it’s commented out, and things look like they’re
working.
But I’m still curious; why does every PAM+LDAP guide say to do this?