Torsten Landschoff <torsten@debian.org> wrote:
> 1) even with libldap linked from /usr, it should be possible to remount
> that filesystem ro which would not cause any data loss
I've come across this problem before, and I was unable to remount /usr
read-only. I have no idea why.
> 2) with that explanation we would need to move every other library used
> in PAM modules to /lib as well (think libpam-mysql, libpam-pgsql, etc.)
No big deal. Nobody is going to install more than one or two PAM or NSS
modules, so /lib isn't going to get too big.
> 3) AFAIK those PAM modules are only opened for a short time when
> authenticating the user. Once the session is set up I don't expect
> them to be in memory.
The NSS modules are never unloaded.
--
Sam "Eddie" Couter | mailto:sam@couter.dropbear.id.au
Debian Developer | mailto:eddie@debian.org
| jabber:sam@jabber.topic.com.au
OpenPGP fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C
Attachment:
pgpekcImPw1S8.pgp
Description: PGP signature