[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#624768: RM: libnss-db/2.2.3pre1-3.1

I am Ccing the DSA team, because this affect them most...

On Mon, May 2, 2011 at 19:54, Julien Cristau <jcristau@debian.org> wrote:
> On Mon, May  2, 2011 at 14:30:13 +0200, Ondřej Surý wrote:
>> One alternative would be to adopt the package both in debian and as a
>> upstream (or convince (e)glibc people to pick it up) and care about it
>> if it's important for Debian.
>> I don't know the Debian infrastructure enough to be able to answer the
>> question, but wouldn't libnss-ldap do the job - DD accounts are stored
>> in LDAP, aren't they?
> AIUI libnss-ldap means if your connection to the ldap server goes down
> temporarily for some reason you're locked out until it comes back.  That
> seems bad for a setup like debian's which is heavily distributed.  So
> currently the account data is synchronized with ud-replicate and cron,
> and imported into bdb files for libnss-db use.

Well, libnss-ldap(d) + NSCD could do the trick for short offline
periods (with HA LDAP setup).


Same for PAM+LDAP:


However I am not strongly pushing one way (the upstream-adoption) or
another (the ldap+nscd) - however I feel that depending on
unmaintained software with a year-old security bug isn't really a good

Ondřej Surý <ondrej@sury.org>

Reply to: