[12:50] <infinity> tinoco: The "disable in samba-libs preinst, reenable in samba-libs postinst" approach would also work, but it's (a) potentially very brittle, and (b) likely next to impossible to do for pam-winbind (which probably suffers the same issue as nss-winbind). [12:51] <tinoco> infinity: my hope was that pam-auth-update (or any other mean) could remove/re-add winbind to nsswitch [12:51] <tinoco> but then.. if customer had a taylor made change of nsswitch.conf.. it would be no good [12:51] <tinoco> other choice would be to remove.. but then, if user doing the installation was coming from NSS [12:51] <tinoco> things would go bad also [12:52] <infinity> tinoco: Right, nsswitch isn't too hard, but /etc/pam.d/* is an order of magnitude worse. [12:52] <tinoco> just like you said before [12:52] <tinoco> infinity: definitely [12:52] <tinoco> i think statically compiling it for now is the best approach [12:52] <tinoco> only way without dealing with infinitive possibilities coming from pam.d/nss
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1584485 Title: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs