Package: libpam-ldap
Version: 184-8.5
Severity: normal
I used debconf to configure this package and, after telling it binddn would be
needed, the password got saved in /etc/pam_ldap.conf file, which is world
readable by default. The only way to access our ldap database is authenticating
with binddn. If I change permission of pam_ldap.conf to 600 it doesn't work
either.
Perhaps it's a missunderstanding of my part. Is that password meant to be public
like that? It strikes me as strange, however I couldn't find much info on the
package, I'm not sure even who's the upstream. By reading
/usr/share/doc/libpam-ldap/README.gz I think it's http://www.padl.com. So I
suggest you add the Homepage control field to your package. Anyhow, I couldn't
find much information regarding my concerns there.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libpam-ldap depends on:
ii debconf [debconf-2.0] 1.5.36 Debian configuration management sy
ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib
ii libldap-2.4-2 2.4.23-7 OpenLDAP libraries
ii libpam-runtime1.1.1-6.1 Runtime support for the PAM librar
ii libpam0g 1.1.1-6.1 Pluggable Authentication Modules l
libpam-ldap recommends no packages.
Versions of packages libpam-ldap suggests:
ii libnss-ldap 264-2.2NSS module for using LDAP as a nam
-- debconf information:
* shared/ldapns/base-dn: dc=,dc=xx
libpam-ldap/override: true
* shared/ldapns/ldap_version: 3
* libpam-ldap/dblogin: true
* shared/ldapns/ldap-server: ldap://undisclosed/
* libpam-ldap/pam_password: crypt
* libpam-ldap/binddn: cn=xxx,ou=xxx,dc=,dc=xx
* libpam-ldap/rootbinddn: cn=manager,dc=example,dc=net
* libpam-ldap/dbrootlogin: false
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org