From owner-freebsd-security@FreeBSD.ORG Wed Sep 21 00:51:19 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D945A106566C for ; Wed, 21 Sep 2011 00:51:19 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from anubis.delphij.net (anubis.delphij.net [IPv6:2001:470:1:117::25]) by mx1.freebsd.org (Postfix) with ESMTP id BE5918FC08 for ; Wed, 21 Sep 2011 00:51:19 +0000 (UTC) Received: from delta.delphij.net (drawbridge.ixsystems.com [206.40.55.65]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by anubis.delphij.net (Postfix) with ESMTPSA id 5510F7753; Tue, 20 Sep 2011 17:51:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=delphij.net; s=anubis; t=1316566279; bh=8r6UHkXGhMqmJIzj7Rs5V1CLOOr8KoMhNnNCReQ9pq0=; h=Message-ID:Date:From:Reply-To:MIME-Version:To:CC:Subject: References:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=zO2Rdc1D9Q7KEdTxbCcfP6qHTvYt9VdnrkXn5yft+8wJLS+fGmU6mTJlOXvxcsq87 y/NklAdodd4tGJVgfXSRIh3yXlqjaIDJ78DrXQapB0NRP88L6W9e0MfmkvPX59H8vQ 2J7KTR49uHdAJd/pfAB4+KRVNrJuVoyrMspV48b0= Message-ID: <4E793506.1070402@delphij.net> Date: Tue, 20 Sep 2011 17:51:18 -0700 From: Xin LI Organization: The FreeBSD Project MIME-Version: 1.0 To: =?UTF-8?B?RGFnLUVybGluZyBTbcO4cmdyYXY=?= References: <86boukbk8s.fsf@ds4.des.no> <4E738794.4050908@delphij.net> <86zki1afto.fsf@ds4.des.no> <4E78EA46.2080806@delphij.net> <86ty86zzcg.fsf@ds4.des.no> In-Reply-To: <86ty86zzcg.fsf@ds4.des.no> OpenPGP: id=3FCA37C1; url=http://www.delphij.net/delphij.asc Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: freebsd-security@freebsd.org, d@delphij.net Subject: Re: PAM modules X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: d@delphij.net List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Sep 2011 00:51:19 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 09/20/11 14:19, Dag-Erling Smørgrav wrote: > Xin LI writes: >> The main concern I have is that users might want to stay on an >> older FreeBSD release, while wanting features of a new OpenLDAP. >> That's why I would prefer a libxml style import -- users always >> have choice to install a new OpenLDAP without any concern of >> breaking their system and we can always deliver security fixes >> with freebsd-update. Would that make the trimmed down and >> renamed OpenLDAP import sound sensible? > > Yes, you have a point. So you're saying: > > - client side only (for nss_ldap, pam_ldap etc) - namespace hacks > to avoid colliding with the port > > right? I would definitely support that. Yes exactly, the current version is just library to support these nss and pam modules and have namespace hacks (so programs linking against port OpenLDAP library will not see conflicts as well). Cheers, - -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iQEcBAEBCAAGBQJOeTUGAAoJEATO+BI/yjfBRCAIAKQzG1dJhrLyKyYxJEH5qfXS pm11L5cuQQto9yqm1TeMeT3qNMuNBo+bWt2QPJ0ef6qaOiL1oYIHdDyAkHqlDh1Z q5zuwxZFzNAaBYF+QZLE0jSJpV05YpuN5bdkM5GilYw/xzbI4QmOstgJMyPS92WD //oFfz9jHdQxJ0jZdp8dTDKMbgpOfUDfm/82zdDJPRnoK4dbJyn1xNFOB2H7KQyI l246YN/W4/yR1wUDZlgjQ6zVoG4I6WvK1Lv7MU3YD2sNqfsnxoC+928U4Swd05Di A1KXRWLsSB+2ZFnCXbGq3D22KhnmD4GQqxEZn5PZj0p2mDF3kjYDf3zlsUoofmw= =DG1c -----END PGP SIGNATURE-----