[Bug 608930] [NEW] libnss-ldap needlessly (and indirectly) depend on libpam-ldap
Etienne Goyer
etienne.goyer at canonical.com
Thu Jul 22 22:06:11 BST 2010
Public bug reported:
Binary package hint: libnss-ldap
This has been researched on Lucid, but also affect earlier releases.
libnss-ldap depends on ldap-auth-config, which depends on ldap-auth-
client, which depends on libpam-ldap. This means that installing
libnss-ldap will systematically pull in libpam-ldap.
libpam-ldap automatically insert himself in the PAM stack, since it ship
and install a pam-config profile, /usr/share/pam-configs/ldap. This
profile get applied through an unconditional call to pam-auth-update in
the libpam-ldap postinst maintainer script.
As explained above, installing libnss-ldap indirectly configures PAM to
use pam_ldap. However, there are scenario where you would use LDAP only
for NSS and not for authentication. For example, when using Kerberos.
A way to install libnss-ldap without pulling in libpam-ldap would be
desirable in these cases.
I am not too sure how this should be done. Perhaps wrapping the call to
pam-auth-update in libpam-ldap.postinst inside a conditional check to a
preseedable value, such as libpam-ldap/enable for example, which would
default to true?
** Affects: libnss-ldap (Ubuntu)
Importance: Undecided
Status: New
--
libnss-ldap needlessly (and indirectly) depend on libpam-ldap
https://bugs.launchpad.net/bugs/608930
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libnss-ldap in ubuntu.
More information about the Ubuntu-server-bugs
mailing list