Adding a PAM config option to net-im/ejabberd

Ashish SHUKLA ashish at freebsd.org
Mon Jan 31 02:09:41 UTC 2011


Lawrence Stewart writes:
> On 01/31/11 00:45, Ashish SHUKLA wrote:
>> Hi Lawrence,
>> 
>> Lawrence Stewart writes:
>>> Hi Ashish,
>> 
>>> What do you think about applying the attached patch to the ejabberd
>>> port? It installs some parts required to allow ejabberd to auth against
>>> PAM and is working great for me.
>> 
>> Sure, I can apply it, once ports freeze is over. I also need to update
>> ejabberd. I'll do both together.

> Sounds good, thanks. One question: in order to get PAM auth working, you
> have to set uid root on the epam bits and chown them appropriately in
> order to allow things to work. Should the port installation process do
> these steps as well or should we leave them to the user? I would be
> inclined to have the port do them so that upgrading the port doesn't
> break PAM auth after the upgrade. We would want to print a big warning
> at the end of the port install about the set uid security aspects though.

Thanks for the mention. I suggest adding a mention of the setuid bit in the
description of the OPTION. And of course the port is going to set the setuid bit
during installation.

And the `security-check' target in bsd.port.mk will catch the setuid bit set on
the installed executable, and will inform the user as well. So adding a
warning about the setuid bit would be redundant, IMHO.

Thanks
-- 
Ashish SHUKLA

“She dump(8)-ed me without caring to restore(8).” (abbe, 2005)