[aur-general] Substitute nss_ldap/pam_ldap from [Extra] to nss-pam-ldapd
nss-pam-ldapd is actively maintained, while nss_ldap/pam_ldap have not been updated in a while. nss-pam-ldapd is more robust too (I had a problem similar to https://bugs.archlinux.org/task/33672 that didn't occur with nss-pam-ldapd, and according to that bug report a nss_ldap/pam_ldap setup is actually simply broken). According to the author (http://arthurdejong.org/nss-pam-ldapd/), nss-pam-ldapd is faster and easier to debug (I didn't measure performance, but nss-pam-ldapd is indeed easier to debug, since its service nslcd has nice log output). I think Fedora and Mageia use nss-pam-ldapd by default instead of nss_ldap/pam_ldap. Even our Wiki (https://wiki.archlinux.org/index.php/OpenLDAP_Authentication) recommends nss-pam-ldapd instead of nss_ldap/pam_ldap (actually, if you follow our Wiki using nss_ldap/pam_ldap you will have a non-working LDAP setup).
So I suggest dropping nss_ldap/pam_ldap to AUR and putting nss-pam-ldapd in the [Extra] repository.
--
Thiago Kenji Okada <thiago.mast3r@gmail.com>
PGP Key: EEC09705
I can support this proposal. Ubuntu also uses nss-pam-ldapd for providing account information from LDAP. The project is under active development and security fixes are provided very fast by upstream (see [1]).
[1] http://arthurdejong.org/nss-pam-ldapd/CVE-2013-0288
--
Chris
On Sat, Mar 02, 2013 at 01:32:48PM -0300, Thiago Kenji Okada wrote:
> nss-pam-ldapd is actively maintained, while nss_ldap/pam_ldap have not been updated in a while. nss-pam-ldapd is more robust too (I had a problem similar to https://bugs.archlinux.org/task/33672 that didn't occur with nss-pam-ldapd, and according to that bug report a nss_ldap/pam_ldap setup is actually simply broken). According to the author (http://arthurdejong.org/nss-pam-ldapd/), nss-pam-ldapd is faster and easier to debug (I didn't measure performance, but nss-pam-ldapd is indeed easier to debug, since its service nslcd has nice log output). I think Fedora and Mageia use nss-pam-ldapd by default instead of nss_ldap/pam_ldap. Even our Wiki (https://wiki.archlinux.org/index.php/OpenLDAP_Authentication) recommends nss-pam-ldapd instead of nss_ldap/pam_ldap (actually, if you follow our Wiki using nss_ldap/pam_ldap you will have a non-working LDAP setup).
> So I suggest dropping nss_ldap/pam_ldap to AUR and putting nss-pam-ldapd in the [Extra] repository.
> --
> Thiago Kenji Okada <thiago.mast3r@gmail.com>
> PGP Key: EEC09705
Looks like there's already a feature request:
https://bugs.archlinux.org/task/32911
@Tom and Allan, you guys maintain the packages that would be replaced here -- either of you have an interest in adopting this?
d
On Sat, Mar 02, 2013 at 04:13:01PM -0500, Dave Reisner wrote:
> On Sat, Mar 02, 2013 at 01:32:48PM -0300, Thiago Kenji Okada wrote:
> > nss-pam-ldapd is actively maintained, while nss_ldap/pam_ldap have not been updated in a while. nss-pam-ldapd is more robust too (I had a problem similar to https://bugs.archlinux.org/task/33672 that didn't occur with nss-pam-ldapd, and according to that bug report a nss_ldap/pam_ldap setup is actually simply broken). According to the author (http://arthurdejong.org/nss-pam-ldapd/), nss-pam-ldapd is faster and easier to debug (I didn't measure performance, but nss-pam-ldapd is indeed easier to debug, since its service nslcd has nice log output). I think Fedora and Mageia use nss-pam-ldapd by default instead of nss_ldap/pam_ldap. Even our Wiki (https://wiki.archlinux.org/index.php/OpenLDAP_Authentication) recommends nss-pam-ldapd instead of nss_ldap/pam_ldap (actually, if you follow our Wiki using nss_ldap/pam_ldap you will have a non-working LDAP setup).
> > So I suggest dropping nss_ldap/pam_ldap to AUR and putting nss-pam-ldapd in the [Extra] repository.
> > --
> > Thiago Kenji Okada <thiago.mast3r@gmail.com>
> > PGP Key: EEC09705
> Looks like there's already a feature request:
> https://bugs.archlinux.org/task/32911
> @Tom and Allan, you guys maintain the packages that would be replaced here -- either of you have an interest in adopting this?
> d
Argh. Reading the wrong field... Definitely all Jan.
So, any updates?
2013/3/2 Dave Reisner <d@falconindy.com>
> On Sat, Mar 02, 2013 at 04:13:01PM -0500, Dave Reisner wrote:
> > On Sat, Mar 02, 2013 at 01:32:48PM -0300, Thiago Kenji Okada wrote:
> > > nss-pam-ldapd is actively maintained, while nss_ldap/pam_ldap have not been updated in a while. nss-pam-ldapd is more robust too (I had a problem similar to https://bugs.archlinux.org/task/33672 that didn't occur with nss-pam-ldapd, and according to that bug report a nss_ldap/pam_ldap setup is actually simply broken). According to the author (http://arthurdejong.org/nss-pam-ldapd/), nss-pam-ldapd is faster and easier to debug (I didn't measure performance, but nss-pam-ldapd is indeed easier to debug, since its service nslcd has nice log output). I think Fedora and Mageia use nss-pam-ldapd by default instead of nss_ldap/pam_ldap. Even our Wiki (https://wiki.archlinux.org/index.php/OpenLDAP_Authentication) recommends nss-pam-ldapd instead of nss_ldap/pam_ldap (actually, if you follow our Wiki using nss_ldap/pam_ldap you will have a non-working LDAP setup).
> > > So I suggest dropping nss_ldap/pam_ldap to AUR and putting nss-pam-ldapd in the [Extra] repository.
> > > --
> > > Thiago Kenji Okada <thiago.mast3r@gmail.com>
> > > PGP Key: EEC09705
> > Looks like there's already a feature request:
> > https://bugs.archlinux.org/task/32911
> > @Tom and Allan, you guys maintain the packages that would be replaced here -- either of you have an interest in adopting this?
> > d
> Argh. Reading the wrong field... Definitely all Jan.
--
Thiago Kenji Okada <thiago.mast3r@gmail.com>
PGP Key: EEC09705
participants (3)
- Christoph Seitz
- Dave Reisner
- Thiago Kenji Okada