Bug#277767: [Pkg-shadow-devel] Progress on this bug report?

Alexander Gattin xrgtn at yandex.ru
Thu Mar 30 20:46:50 UTC 2006


Hi!

On Tue, Mar 28, 2006 at 06:55:46PM +0300, Alexander Gattin wrote:
> > never had too much problem setting up either start_TLS or ldaps security
> > altho I've always used RSA I think.

I've got an answer on the openldap-software mailing list,
and impressively quickly, what a miracle! %)

On Wed, Mar 29, 2006 at 01:12:41AM +0000, hyc at symas.com wrote:
> There is no support for DSA certificates in OpenLDAP 2.2. It was added 
> in 2.3.12.

It was related to DH params handling, as Howard
wrote, and effectively DSA certs have been supported since
2.3.12.

Greg, I tried a similar setup to yours, with:
> login/testing upgradeable from 1:4.0.14-3x4 to 1:4.0.14-9
(locally built)
> libnss-ldap/testing uptodate 238-1.1
> libpam-ldap/testing uptodate 180-1

while you used:
> login 1:4.0.3-30.1
> libnss-ldap 238-1
> libpam-ldap 178-1sarge1

In my setup, `su - ldapxusr` works perfectly -- it
processes ~/.ldaprc, looks through ~/certs, starts TLS
and does its job well if not straced (otherwise
setgid() fails). I.e. it does not crash/fail.

The only issue is when I use /etc/ssl/certs/ which is
full of CA certs on my system -- then `su -` hangs for
about a minute (ca-certificates package has around 100
certificates...) while checking _all_ of them (don't
know why?).

So, I think the testing/unstable system is free from bug
#277767. Greg, I'll check it on sarge soon. If you
like, you may check it on a testing system on your side
to see whether it is actually fixed in Debian/testing
or not.

The main problem is that if you upgrade a sarge system to
Debian/testing, you won't be able to return to
Debian/stable easily as libc6 will be upgraded (this is
a one-way ticket unfortunately).

-- 
WBR,
xrgtn



