[Citadel Development] (no subject)
A little troubleshooting last night with a Citadel user running Gentoo revealed that our PAM configuration file was a little less than portable: #%PAM-1.0 # auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth required /lib/security/pam_stack.so service=system-auth accountrequired /lib/security/pam_stack.so service=system-auth sessionrequired /lib/security/pam_stack.so service=system-auth After a little bit of experimentation, I've changed the default to: #%PAM-1.0 # auth include system-auth accountinclude system-auth sessioninclude system-auth This appears to be portable, although I haven't yet found any relevant documentation in LSB that says how to do this stuff. It appears to be valid on even older RedHat-ish systems, along with current Ubuntu and Gentoo. If anyone could shed some light on whether include system-auth is either a de jure standard or at least widely portable, I'd appreciate the insight.
[Citadel Development] SVN commit log: revision 4838
r4838 | dothebart | 2007-01-06 15:20:26 -0500 (Sat, 06 Jan 2007) | 2 lines Changed paths: M /trunk/webcit/buildpackages * remove unwanted blanks.
[Citadel Development] SVN commit log: revision 4839
r4839 | dothebart | 2007-01-06 15:21:00 -0500 (Sat, 06 Jan 2007) | 2 lines Changed paths: M /trunk/citadel/buildpackages * remove unwanted blanks.
[Citadel Development] (no subject)
IG, I think include system-auth is fairly new, but by new I mean newer than the original PAM implementation in Citadel, which dates wy back to an old redhat... so I think you're good to go...
[Citadel Development] (no subject)
Jan 5 2007 8:23am from IGnatius T Foobar @uncnsrd As for IPv6 ... I looked into that a while ago and determined that you can listen on IN6ADDR_ANY (or whatever it's called) and most operating systems will let you use that to accept IPv6 and IPv4 connections on the same socket. The one notable exception is OpenBSD, but I'm not sure that makes a big difference. The big obstacle for us with IPv6 is getting all of the RBL stuff working properly. That's okay, I know how to break apart an IPv6 address. As for OpenBSD, I wasn't thinking of the IN6ADDR_ANY hack, but actually rewriting the whole mess. It'll have to be done sooner or later anyway.