I am CCing the DSA team, because this affects them most...

On Mon, May 2, 2011 at 19:54, Julien Cristau <jcris...@debian.org> wrote:
> On Mon, May 2, 2011 at 14:30:13 +0200, Ondřej Surý wrote:
>
>> One alternative would be to adopt the package both in debian and as an
>> upstream (or convince (e)glibc people to pick it up) and care about it
>> if it's important for Debian.
>>
>> I don't know the Debian infrastructure enough to be able to answer the
>> question, but wouldn't libnss-ldap do the job - DD accounts are stored
>> in LDAP, aren't they?
>>
> AIUI libnss-ldap means if your connection to the ldap server goes down
> temporarily for some reason you're locked out until it comes back. That
> seems bad for a setup like debian's which is heavily distributed. So
> currently the account data is synchronized with ud-replicate and cron,
> and imported into bdb files for libnss-db use.

Well, libnss-ldap(d) + NSCD could do the trick for short offline periods
(with HA LDAP setup).

http://wiki.debian.org/LDAP/NSS

Same for PAM+LDAP:

http://wiki.debian.org/LDAP/PAM

However I am not strongly pushing one way (the upstream-adoption) or
another (the ldap+nscd) - however I feel that depending on unmaintained
software with a year-old security bug isn't really a good option.

O.
--
Ondřej Surý <ond...@sury.org>
http://blog.rfc1925.org/