Date: Mon, 31 Jan 2011 07:39:33 +0530 From: ashish@freebsd.org (Ashish SHUKLA) To: Lawrence Stewart <lstewart@freebsd.org> Cc: Ashish SHUKLA <ashish@freebsd.org>, freebsd-ports@freebsd.org Subject: Re: Adding a PAM config option to net-im/ejabberd Message-ID: <86ipx5esde.fsf@chateau.d.if> In-Reply-To: <4D45F219.6070207@freebsd.org> (Lawrence Stewart's message of "Mon, 31 Jan 2011 10:19:53 %2B1100") References: <4D44FD91.7070607@freebsd.org> <86r5buec8e.fsf@chateau.d.if> <4D45F219.6070207@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Lawrence Stewart writes: > On 01/31/11 00:45, Ashish SHUKLA wrote: >> Hi Lawrence, >>=20 >> Lawrence Stewart writes: >>> Hi Ashish, >>=20 >>> What do you think about applying the attached patch to the ejabberd >>> port? It installs some parts required to allow ejabberd to auth against >>> PAM and is working great for me. >>=20 >> Sure, I can apply it, once ports freeze is over. I also need to update >> ejabberd. I'll do both together. > Sounds good, thanks. One question: in order to get PAM auth working, you > have to set uid root on the epam bits and chown them appropriately in > order to allow things to work. Should the port installation process do > these steps as well or should we leave them to the user? I would be > inclined to have the port do them so that upgrading the port doesn't > break PAM auth after the upgrade. We would want to print a big warning > at the end of the port install about the set uid security aspects though. Thanks for the mention, I suggest adding mention of setuid bit in the description of the OPTION. And ofcourse port is going to set the setuid bit during installation. And `security-check' target in bsd.port.mk will catch the setuid bit set on the installed executable, and will inform the user as well. So, adding a warning about setuid bit be redundant, IMHO. Thanks =2D-=20 Ashish SHUKLA =E2=80=9CShe dump(8)-ed me without caring to restore(8).=E2=80=9D (abbe, 20= 05) --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (FreeBSD) iQIcBAEBCgAGBQJNRhniAAoJEMdGz6nnT6Sw7usP/RgAO0tLwUm7K4Yp247PLuT7 /G/MQicPolh7w0QZc+tNrH59008u6iNlz4AiFORaN+8pfhU20PAq3odsftujAwzm zXH1+S5nRmjRevQpk3mOzb7yf0AIJr6NTVnn3OSWQldzDVvaIKbRmmXSsp7Vvked myVMEpdwl0bCZdEGuwz/J9CD+vt3Py7Z8WOAq9z3XOd0P9qoQ4F/Wv4ut+gOrPAA OEToevVapWCwaxNKHLWjJPUV5q6j6kO1GQ6vBJw+vzo9RFlMsR9Wj+EUmHvIQm8o /qlpxlDI29bbJGfPQT+7PvIQDkojg5hJkUgEERuHbVkTSPDUS93CVovxuSqMFAr0 W90JSmEptcJbqNX5Veg6l9tX9JTSC2TwjEMz6MB69DFW62WI371z5R+7XGrAckbB YS2q0h3qHwbOdSG42Vd1LraDzwbebTb8trKIrYP7RPsqcuGQHXCkhLXlkUmXfr7C fP4j21DVCgdqZuKdmoFRW3GiJnmEroWDgEkCtpRvTYX9kGatGtkV3vL8WB73cvzl rNKjbhZT/Z5WSwWacpfxkGghcThnmGc2xwBnkmZtDyauSmB5tgsKC12w5CAzLyGH fBncbDBTdqNM9/EoUAj0WGsVa99LgDt42SnBjMmqGum46LmhdqVkX02K49mQ10Om +O6E7G1qJiWb6LQ9xK4N =UTSY -----END PGP SIGNATURE----- --=-=-=--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86ipx5esde.fsf>