On Sun, 18 Aug 2013 19:35:15 +0200 Arthur de Jong <adej...@debian.org> wrote:
> An alternative solution would be to also return shadow information to > non-root users but leave out the password hashes. This is what pynslcd > in experimental currently does. > > I *think* that is reasonable and don't see any security issues from > exposing the other information from the shadow database. I agree. The other shadow information is not very sensitive and I suspect that in many cases it could be accessed by directly querying the LDAP server anyways. > The ACLs are a nice idea but I don't see them happening really soon > unless someone steps up for this. That's understandable. I don't think many people need that much flexibility, so it's probably not a big deal. -- Andrew -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
