Date: Sun, 06 Mar 2011 21:14:04 +0530 From: ashish@FreeBSD.org (Ashish SHUKLA) To: Lawrence Stewart <lstewart@FreeBSD.org> Cc: Ashish SHUKLA <ashish@FreeBSD.org>, freebsd-ports@FreeBSD.org Subject: Re: Adding a PAM config option to net-im/ejabberd Message-ID: <86sjv05k57.fsf@chateau.d.if> In-Reply-To: <4D7305C5.5040709@freebsd.org> (Lawrence Stewart's message of "Sun, 06 Mar 2011 14:55:49 %2B1100") References: <4D44FD91.7070607@freebsd.org> <86r5buec8e.fsf@chateau.d.if> <4D45F219.6070207@freebsd.org> <86ipx5esde.fsf@chateau.d.if> <4D7305C5.5040709@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Lawrence Stewart writes: > On 01/31/11 13:09, Ashish SHUKLA wrote: >> Lawrence Stewart writes: >>> On 01/31/11 00:45, Ashish SHUKLA wrote: >>>> Hi Lawrence, >>>>=20 >>>> Lawrence Stewart writes: >>>>> Hi Ashish, >>>>=20 >>>>> What do you think about applying the attached patch to the ejabberd >>>>> port? It installs some parts required to allow ejabberd to auth again= st >>>>> PAM and is working great for me. >>>>=20 >>>> Sure, I can apply it, once ports freeze is over. I also need to update >>>> ejabberd. I'll do both together. >>=20 >>> Sounds good, thanks. One question: in order to get PAM auth working, you >>> have to set uid root on the epam bits and chown them appropriately in >>> order to allow things to work. Should the port installation process do >>> these steps as well or should we leave them to the user? I would be >>> inclined to have the port do them so that upgrading the port doesn't >>> break PAM auth after the upgrade. We would want to print a big warning >>> at the end of the port install about the set uid security aspects thoug= h. >>=20 >> Thanks for the mention, I suggest adding mention of setuid bit in the >> description of the OPTION. And ofcourse port is going to set the setuid = bit >> during installation. >>=20 >> And `security-check' target in bsd.port.mk will catch the setuid bit set= on >> the installed executable, and will inform the user as well. So, adding a >> warning about setuid bit be redundant, IMHO. > Updated patch attached. Feel like committing it for me? Sure. I'm doing an update to 2.1.6 this week, and will include your diff. Thanks =2D-=20 Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0 freebsd.org!ashish | http://people.freebsd.org/~ashish/ Avoid Success At All Costs !! --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (FreeBSD) iQIcBAEBCgAGBQJNc6vFAAoJEMdGz6nnT6SwpXIP/Rd2Hkepmr1+XSbjMWl2ZtyT sME2XmhyNMcAvgPWPtzvhkBhxOLVP/WeyZXHr4FjAIkirOA8yzeLW5AVcXiszl5E AF0iWYgIg3ovloYZgP7qB9X5wMDxLTPpANksCTtS7RLADKWmSiuRBhFyCgjy+UWA wLtOHnbO0Jyw/inxCin+WI5/hpL0P1JqlE/h0wra+zHzaAr+49tOu1UR1D1alxqe /KnGis6WxcnnjFpsATo50m6Z2mj023rx83p65BVJqQ86QjiCD7bYsdU2U8RhohYL 3qcBRp0I1B9vp1Ba4memGxzDvQUF/fwYXwBPnz1CK1l+8bxkn1aC3TkELl/F6hzY K1Eg0WdwlKf943lJh0gUOIGPIsJkRyak0l6KPQqcR3VK1sDb6USgLjH3rIM49sWR fXce6Oah7168mzVP2Z1R7Xu+iIn6bi/DY4HUNNZ69J5srNGHzxmK4xv05yIH8/Wg Erv6ZXRlVQiyBz6euRUPw/i39ZB8SDXZEfSOvqOnDpbgG6Rp+/b8/THgku0+UVeg MqCsGjVau77wCDMqda9anBPEq9ndFeAIZ3aGm4xJB5Fee2vSHajTaEzq6/VIMZ6T 3nPaoJvvSNKr7csMz4/NKUypn+4XXvFA/aT3Y4A7KPCwCj9bDBNoHqG/g6BUaUBh S7UWdeQg+CftW+4zKjeR =rt4G -----END PGP SIGNATURE----- --=-=-=--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86sjv05k57.fsf>