tags 368297 + wheezy-ignore
user release.debian....@packages.debian.org
usertag 368297 + wheezy-can-defer
On Fri, Jan 25, 2013 at 00:44:21 +0100, Carlos Alberto Lopez Perez wrote:

> When sudo/su/passwd/<insert-any-setuid-program-that-calls-getpwent()> on
> a system configured with PAM/LDAPs it chains into libldap, which uses
> GnuTLS/libgcrypt to manage the TLS channel.
>

So I've tried to reproduce that, by installing sudo-ldap, slapd, lib{nss,pam}-ldap, ssl-cert and configuring stuff to use ldaps://localhost. Seems like things work when the user is in /etc/passwd, and fail if they're in ldap. The failure goes away when switching to lib{nss,pam}-ldapd, which was already the recommended workaround for this bug in squeeze.

I understand that some use cases aren't supported by this alternative, but:
- AIUI this was already the case in squeeze
- the way forward is probably to improve on them, for jessie, not try and keep lib{nss,pam}-ldap around indefinitely

Cheers,
Julien