On Tue, Feb 07, 2017 at 09:28:18AM +0100, Arturo Borrero Gonzalez wrote:
> Source: openldap
> Severity: important

> Dear openldap maintainers and contributors, thanks for your work with this
> package.

> Please, don't use tcp-wrappers with slapd.

> It has been already known for a while that this technology is obsolete [0],
> and may cause a false sense of security which is even worse.

> [0] https://lists.ubuntu.com/archives/ubuntu-users/2014-June/276215.html

That is an opinion on a mailing list, not something which is "known".  Many
consider it part of a valid defense-in-depth strategy for their systems.

> In some environments, this may cause other issues, for example:

> slapd[7408]: warning: cannot open /etc/hosts.allow: Too many open files
> slapd[7408]: warning: cannot open /etc/hosts.deny: Too many open files
> slapd[7408]: warning: cannot open /etc/hosts.allow: Too many open files
> slapd[7408]: warning: cannot open /etc/hosts.deny: Too many open files
> slapd[7408]: warning: cannot open /etc/hosts.allow: Too many open files
> slapd[7408]: warning: cannot open /etc/hosts.deny: Too many open files

If people are hitting open file limits trying to open two extra files,
disabling features in the codebase is not the correct solution.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org
