Adding a PAM config option to net-im/ejabberd
Ashish SHUKLA
ashish at FreeBSD.org
Sun Mar 6 15:44:07 UTC 2011
Lawrence Stewart writes:
> On 01/31/11 13:09, Ashish SHUKLA wrote:
>> Lawrence Stewart writes:
>>> On 01/31/11 00:45, Ashish SHUKLA wrote:
>>>> Hi Lawrence,
>>>>
>>>> Lawrence Stewart writes:
>>>>> Hi Ashish,
>>>>
>>>>> What do you think about applying the attached patch to the ejabberd
>>>>> port? It installs some parts required to allow ejabberd to auth against
>>>>> PAM and is working great for me.
>>>>
>>>> Sure, I can apply it, once ports freeze is over. I also need to update
>>>> ejabberd. I'll do both together.
>>
>>> Sounds good, thanks. One question: in order to get PAM auth working, you
>>> have to set uid root on the epam bits and chown them appropriately in
>>> order to allow things to work. Should the port installation process do
>>> these steps as well or should we leave them to the user? I would be
>>> inclined to have the port do them so that upgrading the port doesn't
>>> break PAM auth after the upgrade. We would want to print a big warning
>>> at the end of the port install about the set uid security aspects though.
>>
>> Thanks for the mention, I suggest adding mention of setuid bit in the
>> description of the OPTION. And ofcourse port is going to set the setuid bit
>> during installation.
>>
>> And `security-check' target in bsd.port.mk will catch the setuid bit set on
>> the installed executable, and will inform the user as well. So, adding a
>> warning about setuid bit be redundant, IMHO.
> Updated patch attached. Feel like committing it for me?
Sure. I'm doing an update to 2.1.6 this week, and will include your diff.
Thanks
--
Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0
freebsd.org!ashish | http://people.freebsd.org/~ashish/
Avoid Success At All Costs !!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20110306/833d96a7/attachment.pgp
More information about the freebsd-ports
mailing list