Arthur de Jong <adej...@debian.org> writes:

Hello,

> First, the detection routines are now a little cleaner I think. All
> options are read from the config, even if they don't make much sense
> combined. We want to try to retain as much as possible from the
> administrator's changes to the file.

I have a problem with this: it overrides the debconf memory. If I enable a SASL mechanism, then switch to simple and then switch back to SASL, some information is lost, like the SASL realm.

This is due to the variable reset.

Maybe we should detect "enabled" configuration and override the debconf setting for them only.

I'll code this and send a patch soon.

> Secondly, I've changed the question grouping a bit. I've also removed
> krb5keytab for now because it isn't used.
> [...]
> I've also simplified the back code a bit (mostly skip back to authtype).

Great!

> The question now is, are the questions clear enough in most common
> situations? For anonymous bind and simple authentication I think it is
> clear enough, but what about Kerberos authentication? Also, perhaps the
> list of SASL mechs should be in a most-commonly used first order? Is the
> order of the SASL questions reasonable?

The actual order is from least secure to most secure, grouping by types (login/password for LOGIN to DIGEST-MD5).

For most-commonly used first order, this should be GSSAPI, then most secure login/password (DIGEST-MD5) to least secure one (PLAIN), and finally OTP.

I added an auto mechanism but I don't know if it's useful; this mechanism should ask all the SASL questions and the protocol will pick the right one.

> I have not really looked at the other files yet (templates and
> postinst). I think the questions could use some improvements but it is
> also related to the question flow. I did notice that the ldap-sasl-mech
> and ldap-sasl-secprops are really long.

ldap-sasl-secprops is cut & paste from the ldap.conf manpage.

> Anyway, thanks for your work. This should get reasonably close to
> inclusion in the next release.

Thanks, I hope this will bring nss-pam-ldapd to "best suited for SASL/LDAP environment" ;-)

Regards.
-- 
Daniel Dehennin
Retrieve my GPG key:
gpg --keyserver pgp.mit.edu --recv-keys 0x6A2540D1