LDAP and Linux compatibility
Michael Collette
metrol.net at gmail.com
Sat Mar 19 15:00:15 PST 2005
Please excuse a wee bit of cross posting here. It seems that the
questions list may not be the appropriate place for this as I've found
a number of unanswered posts involving this topic.
My FreeBSD workstations are setup with pam_ldap to a centralized
openldap server for authentication. This works perfectly for native
FreeBSD applications. What I'm running into an issue with are Linux
binaries attempting to make a getpwuid_r() call so as to discover the
user's uid. So far it seems that the latest Real Player and Adobe
Acrobat Reader 7.0 are unable to run without this call functioning.
Either application dies with...
GLib-WARNING **: getpwuid_r(): failed due to unknown user id
I suspect that there are probably several other Linux applications
that will have similar problems. The problem is immediately evident
with /compat/linux/usr/bin/id when attempting a lookup on an LDAP
user. The Linux id command only seems to work on locally stored
users. The FreeBSD native id command performs as expected in all
cases.
The reason I decided to write this mailing list was that it seems that
this is more than just a configuration issue. I would have thought
that whatever routines are grabbing calls from the Linux apps should
be respecting the main system settings. It would appear that what's
happening instead is simply a redirect to the local password database.
Which now leads into my questions for this list:
How do Linux applications determine authorization for users?
Do we need linux_pam_ldap, linux_nss_ldap and linux_openldap_client
ports to be created to facilitate what I'm talking about?
Is there a lower level option of properly masking the Linux call for a
uid and returning the appropriate information from the main system?
If we're talking about an honest to gosh bug with the system, could
someone who has a better understanding of what all is going on give me
a hand with putting together a useful PR report?
Thanks,
--
"When you come to a fork in the road....Take it"
- Yogi Berra
More information about the freebsd-security
mailing list