On Thu, 28 Nov 2013 12:18, Stephan Kulow <coolo@...> wrote:
On 28.11.2013 12:01, Thorsten Kukuk wrote:
On Thu, Nov 28, NeilBrown wrote:
pam_unix*.so uses libtirpc, presumably for NIS (aka YP) lookup. Do we support kerberos authentication for NIS lookup I wonder.
Several PAM modules uses libtirpc as fallback, but luckily for us, it's only really needed for pam_unix.so. And this one uses it for different tasks.
NIS doesn't use kerberos authentication, only plain RPC.
I couldn't find a place in pam_unix.so where we call RPC functions and are able to support IPv6, so I removed now the libtrpc dependency to pam. But this is only possible as long as no module uses RPC with IPv6. So this is not a long term solution, only short term.
Would it be possible to have a simple module in pam and more advanced functionality in a different package - it can even be required by pam as long as this is requirement does not apply in the build service (bootstrap). I mean - long term ;)
Greetings, Stephan
IMO a split-out of NIS / YP stuff from pam_unix is needed, or a "pam_unix_minimum" as a replacement. A pam_nis or pam_krb "modul" makes much more sense (as it can be left out of bootstrap). No need to pollute the base buildsystem AND just EVERY installed system with kerberos and/or NIS / YP stuff if it isn't needed or wanted. What's the next proposed must-build-in dependency? CIFS(Samba) -- or maybe something else? Let's get or heads together and reduce the BASE and bootstrap. If the libtirpc / krb5 situation will not get better, maybe a 'fake-this'-lib that 'conflict' with libtirpc / krb5 and 'provides' the needed api but does not depend on anything (just ONE *.h and ONE *.c file) will be the solution. Think about it: Just how many of the existing OSS installs are single machine islands that do not need that stuff at all? -- I'd say more than 30% of the installs. If I'm wrong, please, say so. - Yamaban. -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org