Re: libnss consolidation (was: X.509 and CA certificates for other purposes (i.e. the IGTF))

To: Bastien ROUCARIES <roucaries.bastien@gmail.com>
Cc: debian developers <debian-devel@lists.debian.org>
Subject: Re: libnss consolidation (was: X.509 and CA certificates for other purposes (i.e. the IGTF))
From: Brian May <brian@microcomaustralia.com.au>
Date: Fri, 31 May 2013 20:57:37 +1000
Message-id: <[🔎] CAA0ZO6CHGG3kYs1sC1LAV1-cdcNEkeBD60Axz5iz6v4VrVZmRg@mail.gmail.com>
In-reply-to: <[🔎] CAE2SPAZib3iEZzLA-sd3r0Ft7FF6pdXKvKRZgXdsN1D7Fozcsg@mail.gmail.com>
References: <[🔎] 519F41BD.10108@nikhef.nl> <[🔎] 20130525122708.GA29404@falafel.plessy.net> <[🔎] CAE2SPAZaV0px6cSDYP1CZxHEs0qJZBm+mEBGztaFH6+Vc9bCuA@mail.gmail.com> <[🔎] 51A72EE6.7040808@nikhef.nl> <[🔎] CAE2SPAa4BN36E02xMYraDy7P7JKLN6Cbm+ncLYn1j-yz-F+DAw@mail.gmail.com> <[🔎] 51A74103.5040005@nikhef.nl> <[🔎] CAE2SPAb+v+nGXSsTGun95d7T2JU2iSgwgujj-S5JOzvW8209Zg@mail.gmail.com> <[🔎] 20130531024208.GL261986@vauxhall.crustytoothpaste.net> <[🔎] CAE2SPAZib3iEZzLA-sd3r0Ft7FF6pdXKvKRZgXdsN1D7Fozcsg@mail.gmail.com>

On 31 May 2013 20:19, Bastien ROUCARIES <roucaries.bastien@gmail.com> wrote:

Gnutls is really crappy about suid
see http://lists.debian.org/debian-devel/2010/03/msg00298.html

2+ years later or 2 Debian releases later, I would have hoped these issues would be, somehow, magically, fixed by now :-(

Basically makes libpam-ldap + TLS broken with certain programs.

libnss-ldap is probably also broken, but seems you should be using libnss-ldapd these days which may (?) avoid these problems.

(I stopped using LDAP for authentication as a direct result of these problems - hardly a good selling point for Debian; so if something has changed I may not have noticed)

--
Brian May <brian@microcomaustralia.com.au>

Reply to:

References:
- X.509 and CA certificates for other purposes (i.e. the IGTF)
  - From: Dennis van Dok <dennisvd@nikhef.nl>
- Re: X.509 and CA certificates for other purposes (i.e. the IGTF)
  - From: Charles Plessy <plessy@debian.org>
- Re: X.509 and CA certificates for other purposes (i.e. the IGTF)
  - From: Bastien ROUCARIES <roucaries.bastien@gmail.com>
- Re: X.509 and CA certificates for other purposes (i.e. the IGTF)
  - From: Dennis van Dok <dennisvd@nikhef.nl>
- Re: X.509 and CA certificates for other purposes (i.e. the IGTF)
  - From: Bastien ROUCARIES <roucaries.bastien@gmail.com>
- Re: libnss consolidation (was: X.509 and CA certificates for other purposes (i.e. the IGTF))
  - From: Dennis van Dok <dennisvd@nikhef.nl>
- Re: libnss consolidation (was: X.509 and CA certificates for other purposes (i.e. the IGTF))
  - From: Bastien ROUCARIES <roucaries.bastien@gmail.com>
- Re: libnss consolidation (was: X.509 and CA certificates for other purposes (i.e. the IGTF))
  - From: "brian m. carlson" <sandals@crustytoothpaste.net>
- Re: libnss consolidation (was: X.509 and CA certificates for other purposes (i.e. the IGTF))
  - From: Bastien ROUCARIES <roucaries.bastien@gmail.com>

Prev by Date: Re: libnss consolidation (was: X.509 and CA certificates for other purposes (i.e. the IGTF))
Next by Date: Re: default MTA
Previous by thread: Re: libnss consolidation (was: X.509 and CA certificates for other purposes (i.e. the IGTF))
Next by thread: Re: libnss consolidation (was: X.509 and CA certificates for other purposes (i.e. the IGTF))
Index(es):
- Date
- Thread