Package: nslcd Version: 0.7.7 Severity: important Tags: patch User: debian-...@lists.debian.org UserTags: debian-edu
I ran into this problem with Debian Edu, where we use LDAP and Kerberos together. When installing Debian Edu using debian-installer, both libpam-ldapd and libpam-krb5 is installed, causing the PAM configuration to be set up with both LDAP and Kerberos authentication, when we only want to use Kerberos. The cause is that our tasksel tasks list both libnss-ldapd and libpam-krb5 as packages to install, and this causes aptitude to install libpam-ldapd too. libpam-ldapd is pulled in because it is recommended by nslcd, and nslcd is pulled in as a dependency of libnss-ldapd. Would it be OK to change the recommend in nslcd on libpam-ldapd to a suggests, or perhaps change it to something like this: Recommends: nscd, libnss-ldapd, libpam-ldapd | libpam-krb5 | libpam-sss I would like to have libpam-sss listed there too, as we experiment with libpam-sss on roaming workstations and do not want libpam-ldapd on that profile either. :) A more scalable solution might be to introduce a virtual package for pam modules providing authentication (say pam-authentication), and use Recommends: nscd, libnss-ldapd, libpam-ldapd | pam-authentication after getting libpam-krb5 and lbipam-sss to provide such virtual package, but I am afraid we in the Debian Edu subgroup do not have time to wait for such feature to arrive as we need to have the PAM setup working properly out of the box before Squeeze freezes. I expect trying to introduce a new virtual package name will require some discussion and coordination, and probably take several months to complete. Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org