Just FYI the patch has been integrated into upstream version 255.
Thanks,
Adrian
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
I've found and fixed the bug (attached) which I'll forward upstream too.
The first call, it sees __config undefined, so it allocates it, tries to
read the config file, fails and returns NSS_UNAVAIL. The second
time however, __config is defined. This leads to the assertion failing.
The fix is
Stephen Frost -- 3.10.2006 22:31 --:
* Damyan Ivanov ([EMAIL PROTECTED]) wrote:
What I don't understand is why libnss-ldap.conf *needs* to be 0600 at
all. A big warning in the file (todo) and debconf placing password in
a separate file (done) should be enough, IMHO.
It needs to be 600 if
* Damyan Ivanov ([EMAIL PROTECTED]) wrote:
Stephen Frost -- 3.10.2006 22:31 --:
It needs to be 600 if you want tight control on your LDAP directory such
that everyone has to connect using a password and you don't want that
password available to everyone. libnss-ldap.conf w/ mode 600 and
Stephen Frost -- 4.10.2006 13:23 --:
I don't see the point in moving it to another file. Either you're
running nscd and it doesn't matter what libnss-ldap.conf looks like, or
you're not and therefore bindpw must be available to everyone. At most
you've moved the permission issue from
* Damyan Ivanov ([EMAIL PROTECTED]) wrote:
What I don't understand is why libnss-ldap.conf *needs* to be 0600 at
all. A big warning in the file (todo) and debconf placing password in
a separate file (done) should be enough, IMHO.
It needs to be 600 if you want tight control on your LDAP
Stephen Frost -- 30.09.2006 20:02 --:
* Damyan Ivanov ([EMAIL PROTECTED]) wrote:
It is my belief that the default configuration makes exactly the right
thing - stores the password in a separate (and protected) file. Why then
fiddle with libnss-ldap.conf's permissions at all and break things?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steinar H. Gunderson написа:
\ If you use passwords in your libnss-ldap configuration, it is usually a
good idea to have the configuration set with mode 0600 (readable and
writable only by the file's owner).
.
Note: As a sanity check,
* Damyan Ivanov ([EMAIL PROTECTED]) wrote:
Right now, if I put password in /etc/libnss-ldap.conf (and therefore
protect the file with 0600 permissions), only root can access ldap via
nss. Others get assertions. This makes the password-along-everything
setup highly unusable (to me).
It is my
On Tue, Sep 26, 2006 at 01:29:40PM +0300, Damyan Ivanov wrote:
Just wanted to confirm that changing /etc/libnss-ldap.conf's
permissions to 0644 fixes the problem.
But how did it get to 0600 in the first place? The postinst installs it to
0644... Did you ever change this? I'm unable to reproduce
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steinar H. Gunderson написа:
On Tue, Sep 26, 2006 at 01:29:40PM +0300, Damyan Ivanov wrote:
Just wanted to confirm that changing /etc/libnss-ldap.conf's
permissions to 0644 fixes the problem.
But how did it get to 0600 in the first place? The
On Fri, Sep 29, 2006 at 04:36:30PM +0400, Damyan Ivanov wrote:
It asks here via debconf. Perhaps the question is asked only the first
time the package in installed. dpkg-reconfigure makes it ask the
question again.
Hm.
The template says:
_Description: make configuration readable/writeable
severity 375533 normal
tanks
On Fri, Sep 29, 2006 at 03:10:18PM +0200, Steinar H. Gunderson wrote:
So if you explicitly set it, and then stop nscd, it will break. That's not
really anything libnss-ldap can do anything about, is it?
I'm downgrading this; I can't find that it would be RC, given
Hi,
Just wanted to confirm that changing /etc/libnss-ldap.conf's
permissions to 0644 fixes the problem.
To do this properly, I had to re-configure the package
(dpkg-reconfigure libnss-ldap), since hand-fixed perms get reset on
upgrade.
Does libnss-ldap.conf need to be 0600 at all? As far as I
14 matches
Mail list logo