Just FYI the patch has been integrated into upstream version 255.
Thanks,
Adrian
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
I've found and fixed the bug (attached) which I'll forward upstream too.
The first call, it sees __config undefined, so it allocates it, tries to
read the config file, fails and returns NSS_UNAVAIL. The second
time however, __config is defined. This leads to the assertion failing.
The fix is jus
Stephen Frost -- 4.10.2006 13:23 --:
> I don't see the point in moving it to another file. Either you're
> running nscd and it doesn't matter what libnss-ldap.conf looks like, or
> you're not and therefore bindpw must be available to everyone. At most
> you've moved the permission issue from lib
* Damyan Ivanov ([EMAIL PROTECTED]) wrote:
> Stephen Frost -- 3.10.2006 22:31 --:
> > It needs to be 600 if you want tight control on your LDAP directory such
> > that everyone has to connect using a password and you don't want that
> > password available to everyone. libnss-ldap.conf w/ mode 600
Stephen Frost -- 3.10.2006 22:31 --:
> * Damyan Ivanov ([EMAIL PROTECTED]) wrote:
>> What I don't understand is why libnss-ldap.conf *needs* to be 0600 at
>> all. A big warning in the file (todo) and debconf placing password in
>> a separate file (done) should be enough, IMHO.
>
> It needs to be
* Damyan Ivanov ([EMAIL PROTECTED]) wrote:
> What I don't understand is why libnss-ldap.conf *needs* to be 0600 at
> all. A big warning in the file (todo) and debconf placing password in
> a separate file (done) should be enough, IMHO.
It needs to be 600 if you want tight control on your LDAP dire
Stephen Frost -- 30.09.2006 20:02 --:
> * Damyan Ivanov ([EMAIL PROTECTED]) wrote:
>> It is my belief that the default configuration makes exactly the right
>> thing - stores the password in a separate (and protected) file. Why then
>> fiddle with libnss-ldap.conf's permissions at all and break thi
* Damyan Ivanov ([EMAIL PROTECTED]) wrote:
> Right now, if I put password in /etc/libnss-ldap.conf (and therefore
> protect the file with 0600 permissions), only root can access ldap via
> nss. Others get assertions. This makes the password-along-everything
> setup highly unusable (to me).
>
> It
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steinar H. Gunderson написа:
\> If you use passwords in your libnss-ldap configuration, it is usually a
> good idea to have the configuration set with mode 0600 (readable and
> writable only by the file's owner).
> .
> Note: As a sanity check
severity 375533 normal
tanks
On Fri, Sep 29, 2006 at 03:10:18PM +0200, Steinar H. Gunderson wrote:
> So if you explicitly set it, and then stop nscd, it will break. That's not
> really anything libnss-ldap can do anything about, is it?
I'm downgrading this; I can't find that it would be RC, given
On Fri, Sep 29, 2006 at 04:36:30PM +0400, Damyan Ivanov wrote:
> It asks here via debconf. Perhaps the question is asked only the first
> time the package in installed. dpkg-reconfigure makes it ask the
> question again.
Hm.
The template says:
_Description: make configuration readable/writeabl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steinar H. Gunderson написа:
> On Tue, Sep 26, 2006 at 01:29:40PM +0300, Damyan Ivanov wrote:
>> Just wanted to confirm that changing /etc/libnss-ldap.conf's
>> permissions to 0644 fixes the problem.
>
> But how did it get to 0600 in the first place?
On Tue, Sep 26, 2006 at 01:29:40PM +0300, Damyan Ivanov wrote:
> Just wanted to confirm that changing /etc/libnss-ldap.conf's
> permissions to 0644 fixes the problem.
But how did it get to 0600 in the first place? The postinst installs it to
0644... Did you ever change this? I'm unable to reproduc
Hi,
Just wanted to confirm that changing /etc/libnss-ldap.conf's
permissions to 0644 fixes the problem.
To do this properly, I had to re-configure the package
(dpkg-reconfigure libnss-ldap), since hand-fixed perms get reset on
upgrade.
Does libnss-ldap.conf need to be 0600 at all? As far as I se
14 matches
Mail list logo
