Lawrence Stewart writes: > On 01/31/11 13:09, Ashish SHUKLA wrote: >> Lawrence Stewart writes: >>> On 01/31/11 00:45, Ashish SHUKLA wrote: >>>> Hi Lawrence, >>>> >>>> Lawrence Stewart writes: >>>>> Hi Ashish, >>>> >>>>> What do you think about applying the attached patch to the ejabberd >>>>> port? It installs some parts required to allow ejabberd to auth against >>>>> PAM and is working great for me. >>>> >>>> Sure, I can apply it, once ports freeze is over. I also need to update >>>> ejabberd. I'll do both together. >> >>> Sounds good, thanks. One question: in order to get PAM auth working, you >>> have to set uid root on the epam bits and chown them appropriately in >>> order to allow things to work. Should the port installation process do >>> these steps as well or should we leave them to the user? I would be >>> inclined to have the port do them so that upgrading the port doesn't >>> break PAM auth after the upgrade. We would want to print a big warning >>> at the end of the port install about the set uid security aspects though. >> >> Thanks for the mention, I suggest adding mention of setuid bit in the >> description of the OPTION. And ofcourse port is going to set the setuid bit >> during installation. >> >> And `security-check' target in bsd.port.mk will catch the setuid bit set on >> the installed executable, and will inform the user as well. So, adding a >> warning about setuid bit be redundant, IMHO.
> Updated patch attached. Feel like committing it for me? Sure. I'm doing an update to 2.1.6 this week, and will include your diff. Thanks -- Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0 freebsd.org!ashish | http://people.freebsd.org/~ashish/ Avoid Success At All Costs !!
pgpgbgrX8nSwe.pgp
Description: PGP signature