On Mon, Sep 23, 2002 at 10:54:00AM +0200, Torsten Landschoff wrote: > I got a bug report on libldap2 which requests to move the libraries to > /lib, as /usr can not be unmounted when using PAM/NSS and LDAP (#159771). > I don't think this is a good idea. > 1) even with libldap linked from /usr, it should be possible to remount > that filesystem ro which would not cause any data loss > 2) with that explanation we would need to move every other library used > in PAM modules to /lib as well (think libpam-mysql, libpam-pgsql, etc.) > 3) AFAIK those PAM modules are only opened for a short time when > authenticating the user. Once the session is set up I don't expect > them to be in memory. $ for F in /lib/security/*; do ldd $F | grep -q /usr/lib && echo $F; done /lib/security/pam_krb5.so /lib/security/pam_smbpass.so /lib/security/pam_userdb.so $ Plenty of precedent for leaving libraries in /usr/lib when used by PAM modules -- and pam_ldap would not be my first choice for a PAM module to do this with, since there are plenty of better authentication schemes out there than the one LDAP provides. Steve Langasek postmodern programmer
Attachment:
pgpnLR2roclW9.pgp
Description: PGP signature