Package: pure-ftpd-ldap
Version: 1.0.19-7
Severity: important
hi,
whenever i add a new ldap-based user, i have to use {CRYPT} since using
{SSHA} or other stronger hashes make it so that the daemon cannot read the
attribute, and therefore login fails, no matter what i do. i change the
hash to {CRYPT} and login works.
this is rather serious, and i consider it a security hole, but i've set
it to 'important' since i'm using homebrew OpenLDAP for a while now
(built from .debs) and maybe pure-ftpd needs some code tweaks.
oh, curious as to when the new version will be in?
thanks,
sr/
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (1000, 'unstable'), (998, 'experimental')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.15-pylon.1
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Versions of packages pure-ftpd-ldap depends on:
ii libc6 2.3.5-11 GNU C Library: Shared libraries an
ii libcap1 1:1.10-14 support for getting/setting POSIX.
ii libldap-2.3 [libldap2] 2.3.7-0.3 OpenLDAP libraries
ii libldap2 2.2.20-0.1 OpenLDAP libraries
ii libldap2.3-0 [libldap2] 2.3.13-0.5 OpenLDAP libraries
ii libpam0g 0.79-3 Pluggable Authentication Modules l
ii libssl0.9.8 0.9.8a-5 SSL shared libraries
hi pure-ftpd-common 1.0.19-7 Pure-FTPd FTP server (Common Files
pure-ftpd-ldap recommends no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
