Package: cpu Version: 1.4.3-5 Severity: normal Tags: patch the docs say "tls is supported" and "tls may be used if ldap_uri is set". unfortunately, the docs are not complete: by default cpu doesn't try tls (which it did earlier).
*) cpu without options tells you about -x for start_tls, but neither man cpu nor man cpu-ldap tell you about it. this is minor. *) you can not specify to use start_tls in the config file, the code only looks for the -x command line. this is very annoying, as it means that one has to always add -x to a cpu invocation. a patch to support USE_TLS=0/1 in the config file is included; it doesn't contain docu fixes, though. the config entry USE_TLS and -x are made additive: USE_TLS doesn't disable tls if -x is given. there is no "-x 0" so i thought this cleanest. regards az ---x--- --- ./commandline.c.old 2005-06-09 15:39:13.000000000 +1000 +++ commandline.c 2005-06-09 15:39:13.000000000 +1000 @@ -512,6 +512,13 @@ /* end of required fields */ + /* enable tls if not on but don't disable it */ + if (globalLdap->usetls == 0 + && NULL != cfg_get_str("LDAP","USE_TLS")) + { + globalLdap->usetls = cfg_get_int("LDAP","USE_TLS"); + } + if (operation == USERADD && globalLdap->password_file != NULL) { struct cpass *p = NULL; ---x--- -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (980, 'testing'), (970, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.4.30 Locale: LANG=C, LC_CTYPE=de_AT (charmap=ISO-8859-1) Versions of packages cpu depends on: ii cracklib2 2.7-16 A pro-active password checker libr ii debconf 1.4.30.13 Debian configuration management sy ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libldap2 2.1.30-8 OpenLDAP libraries ii libsasl7 1.5.27-3.5 Authentication abstraction library ii ucf 1.17 Update Configuration File: preserv -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]