From: Xin LI
Organization: The FreeBSD Project
Date: Tue, 20 Sep 2011 12:32:22 -0700
To: Dag-Erling Smørgrav
Cc: freebsd-security@freebsd.org, d@delphij.net
Reply-To: d@delphij.net
Subject: Re: PAM modules
Message-ID: <4E78EA46.2080806@delphij.net>
In-Reply-To: <86zki1afto.fsf@ds4.des.no>
References: <86boukbk8s.fsf@ds4.des.no> <4E738794.4050908@delphij.net> <86zki1afto.fsf@ds4.des.no>
List-Id: "Security issues [members-only posting]"

On 09/18/11 11:03, Dag-Erling Smørgrav wrote:
> Xin LI writes:
>> LDAP? (We do currently have some work on LDAP integration but
>> not sure if the community would be interested -- this would need
>> an import of stripped down OpenLDAP) and modifies OpenSSH to
>> support public key in LDAP directory.
>
> I would vote for importing a *complete* OpenLDAP, unless there are
> good reasons not to; "slim base" isn't, considering how useful LDAP
> is.

The main concern I have is that users might want to stay on an older
FreeBSD release, while wanting features of a new OpenLDAP. That's why I
would prefer a libxml style import -- users always have the choice to
install a new OpenLDAP without any concern of breaking their system, and
we can always deliver security fixes with freebsd-update.

Would that make the trimmed down and renamed OpenLDAP import sound
sensible?

Cheers,
--
Xin LI    https://www.delphij.net/
FreeBSD - The Power to Serve!    Live free or die