Public bug reported: Binary package hint: libnss-ldap
This has been researched on Lucid, but also affect earlier releases. libnss-ldap depends on ldap-auth-config, which depends on ldap-auth- client, which depends on libpam-ldap. This means that installing libnss-ldap will systematically pull in libpam-ldap. libpam-ldap automatically insert himself in the PAM stack, since it ship and install a pam-config profile, /usr/share/pam-configs/ldap. This profile get applied through an unconditional call to pam-auth-update in the libpam-ldap postinst maintainer script. As explained above, installing libnss-ldap indirectly configures PAM to use pam_ldap. However, there are scenario where you would use LDAP only for NSS and not for authentication. For example, when using Kerberos. A way to install libnss-ldap without pulling in libpam-ldap would be desirable in these cases. I am not too sure how this should be done. Perhaps wrapping the call to pam-auth-update in libpam-ldap.postinst inside a conditional check to a preseedable value, such as libpam-ldap/enable for example, which would default to true? ** Affects: libnss-ldap (Ubuntu) Importance: Undecided Status: New -- libnss-ldap needlessly (and indirectly) depend on libpam-ldap https://bugs.launchpad.net/bugs/608930 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs