This also affects setups where, with TLS certificate validation (client and server), nscd is used as a 'proxy' and no certificates are readable to the users (not even per-user .ldaprc). The only solution would be having a gnome-screensaver master process which validates passwords as root (could be ugly and undoable) or using a PAM module that wraps a suid app (like pam_unix does with check_unixpwd, but only for LDAP, since pam_ldap runs as the invoking user... and rightly so).
So this is a very specific scenario that needs some code love, and yes, as pointed out, every distribution is affected as well.