On Mi, 04.07.18 13:03, Lennart Poettering ([email protected]) wrote:
> I'll add a brief note about this to the NEWS file, since this might be
> something other folks using network-facing NSS modules might run into.
>
> It might be worth finding a way to turn off nss-resolve automatically
> w
On Mi, 04.07.18 14:50, Mantas Mikulėnas ([email protected]) wrote:
> (I think glibc's nscd should also not be forgotten, since it offloads *all*
> modules into a single caching daemon. Would have protected against last
> year's glibc libnss_dns CVE, I'm sure.)
glibc's nscd is not really useful as
On Mi, 04.07.18 14:05, Vlad ([email protected]) wrote:
> Lennart,
>
> Thanks for all the information and explanation! Below is all the details:
> - systemd-239
> - systemd-resolve as well as all systemd related users are defined in
> /etc/passwd
> - nss_ldap is configured via nss_initgroups_ignoreu
On Wed, Jul 4, 2018 at 3:22 PM Vlad wrote:
> Mantas,
>
> I'm aware of all the software you mentioned, but there's a few things to
> consider:
> - nslcd is quite old and personally I don't think it's the way to go
>
Well, the original nss_ldap is also quite old, and we don't think it's the
way to
Mantas,
I'm aware of all the software you mentioned, but there's a few things to
consider:
- nslcd is quite old and personally I don't think it's the way to go
- the glibc's nscd wouldn't help in this case and will bring just
troubles (based as well on my experiences). More and more admins (since
Lennart,
Thanks for all the information and explanation! Below is all the details:
- systemd-239
- systemd-resolve as well as all systemd related users are defined in
/etc/passwd
- nss_ldap is configured via nss_initgroups_ignoreusers to not lookup
groups for all system related users include all
On Wed, Jul 4, 2018 at 2:03 PM Lennart Poettering
wrote:
> I am pretty sure it's not the best design today that nss-ldap inserts
> a complex, network facing piece of code into all kinds of system
> processes the way it does, even the most benign ones such as
> "ls". This is security sensitive stu
On Di, 03.07.18 22:16, Vlad ([email protected]) wrote:
> Hello,
>
> It looks like the combination of systemd-resolved service for DNS name
> resolution with nss_ldap hangs the system during boot. Particularly the
> following configuration in nsswitch.conf leads to boot problem:
Which systemd versio
Hello,
It looks like the combination of systemd-resolved service for DNS name
resolution with nss_ldap hangs the system during boot. Particularly the
following configuration in nsswitch.conf leads to boot problem:
===
passwd: files ldap
group: files ldap
hosts: