Subject: Re: pullup security/pam-ldap update to 2005Q2?
To: None <email@example.com>
From: Matthias Drochner <M.Drochner@fz-juelich.de>
Date: 09/07/2005 18:38:32
> Can anyone request a pullup of the recent pam-ldap security fix to
I had considered this, but there is a difficulty: I've changed
the config file location to a more specific name to have it
nicely coexist with the recently added nss_ldap pkg.
It is probably not a good idea to have such changes within a
"stable" branch. The security vulnerability is a minor one
(it needs a manipulated LDAP server as I understand it -- if
someone is able to do this he can also supply known passwords).
If an update is considered really necessary, one might add an
INSTALL script which copies over the old setup file.
(Actually, I'm curious whether anyone uses pam-ldap at all.
It is almost useless without an nss_ldap to get at the other