[Bug 608930] [NEW] libnss-ldap needlessly (and indirectly) depend on libpam-ldap

Etienne Goyer etienne.goyer at canonical.com
Thu Jul 22 22:06:11 BST 2010


Public bug reported:

Binary package hint: libnss-ldap

This has been researched on Lucid, but also affects earlier releases.

libnss-ldap depends on ldap-auth-config, which depends on
ldap-auth-client, which depends on libpam-ldap.  This means that installing
libnss-ldap will systematically pull in libpam-ldap.

libpam-ldap automatically inserts itself in the PAM stack, since it ships
and installs a pam-config profile, /usr/share/pam-configs/ldap.  This
profile gets applied through an unconditional call to pam-auth-update in
the libpam-ldap postinst maintainer script.

As explained above, installing libnss-ldap indirectly configures PAM to
use pam_ldap.  However, there are scenarios where you would use LDAP only
for NSS and not for authentication.  For example, when using Kerberos.
A way to install libnss-ldap without pulling in libpam-ldap would be
desirable in these cases.

I am not too sure how this should be done.  Perhaps wrapping the call to
pam-auth-update in libpam-ldap.postinst inside a conditional check to a
preseedable value, such as libpam-ldap/enable for example, which would
default to true?

** Affects: libnss-ldap (Ubuntu)
     Importance: Undecided
         Status: New

-- 
libnss-ldap needlessly (and indirectly) depend on libpam-ldap
https://bugs.launchpad.net/bugs/608930
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libnss-ldap in ubuntu.
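
To confirm on a given machine whether installing libnss-ldap also put pam_ldap into the authentication path, the shared PAM stacks can be checked for active pam_ldap.so entries. The script below is an added example, not part of the bug report or of either package; the function name pam_ldap_entries and the sample files are constructed, and it assumes the stacks managed by pam-auth-update are the /etc/pam.d/common-* files.

```shell
#!/bin/sh
# Added example, not from the bug report. Assumes the pam-auth-update managed
# stacks are the common-* files in /etc/pam.d (the Debian/Ubuntu layout).

# pam_ldap_entries [DIR]
# Prints "file:type:control" for every active (non-comment) entry in
# DIR/common-* whose module is pam_ldap.so. Returns 1 when there is none.
pam_ldap_entries() {
    dir=${1:-/etc/pam.d}
    hits=$(
        for f in "$dir"/common-*; do
            [ -f "$f" ] || continue
            awk -v name="${f##*/}" '
                /^[ \t]*#/ || NF == 0 { next }
                {
                    # Entry layout: type control module [args]; a bracketed
                    # control such as [success=1 default=ignore] spans fields.
                    ctl = $2; i = 3
                    if (ctl ~ /^\[/)
                        while (ctl !~ /\]$/ && i <= NF) { ctl = ctl " " $i; i++ }
                    if ($i ~ /(^|\/)pam_ldap\.so$/)
                        print name ":" $1 ":" ctl
                }' "$f"
        done
    )
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# Constructed sample: a common-auth as it might look with the ldap profile
# enabled, and a common-session that only mentions pam_ldap in a comment.
sample=$(mktemp -d)
cat > "$sample/common-auth" <<'EOF'
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_ldap.so use_first_pass
auth requisite pam_deny.so
EOF
cat > "$sample/common-session" <<'EOF'
# session optional pam_ldap.so
session required pam_unix.so
EOF

pam_ldap_entries "$sample"   # audit the sample; pass no argument for /etc/pam.d
```

On an NSS-only host that authenticates through Kerberos, any line this prints for common-auth or common-password means pam_ldap is taking part in authentication there.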