Re: Removing openldap?

To: Michael van Elst <mlelstv%serpens.de@localhost>
Subject: Re: Removing openldap?
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Thu, 2 Oct 2014 10:25:38 -0400

On Thu, Oct 02, 2014 at 10:33:02AM +0000, Michael van Elst wrote:
> wiz%NetBSD.org@localhost (Thomas Klausner) writes:
> 
> >I think there is no particular need to have openldap in the base
> >system; I don't see any particular integration, and it puts more
> >burden of maintenance on us. I think that installing openldap from
> >pkgsrc should be good enough.
> 
> openldap is used by postfix, sshd and amd. There is also pam-ldap in
> pkgsrc that we might want to import into base.
> 
> All this is only using the client part of openldap.

I would support removing the server parts of openldap but wonder whether
this would actually reduce maintenance burden.

It would reduce attack surface on some systems.

-- 
 Thor Lancelot Simon	                                      tls%panix.com@localhost
"From the tooth paste you use in the morning to the salt on your evening meal,
it's easy to take for granted the many products brought to us with explosives."
    - Institute of Manufacturers of Explosives, "Explosives Make It Possible"

Follow-Ups:
- Re: Removing openldap?
  - From: Matthias Scheler

References:
- Removing openldap?
  - From: Thomas Klausner
- Re: Removing openldap?
  - From: Michael van Elst

Prev by Date: Re: drmkms on sandy bridge
Next by Date: Re: Removing openldap?
Previous by Thread: Re: Removing openldap?
Next by Thread: Re: Removing openldap?
Indexes:

Home | Main Index | Thread Index | Old Index