Bug 553857
Summary: | Review Request - pam_ldap (for an nss_ldap/pam_ldap split) | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Nalin Dahyabhai <nalin> |
Component: | Package Review | Assignee: | Stephen Gallagher <sgallagh> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | fedora-package-review, notting, sgallagh, tmraz |
Target Milestone: | --- | Flags: | nalin:
fedora_requires_release_note?
sgallagh: fedora-review+ kevin: fedora-cvs+ |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-03-25 23:05:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 103568, 555121 |
Description
Nalin Dahyabhai
2010-01-09 05:01:43 UTC
CCing Tomas, the authconfig maintainer, because this split also changes the names of the configuration files (nss_ldap will read nss_ldap.conf and optionally nss_ldap.secret; pam_ldap will read pam_ldap.conf and optionally pam_ldap.secret). Is having separate configuration for pam_ldap and nss_ldap really a good idea? It creates unnecessary hassle for the sysadmins and in 99% of configurations involving both of these packages the contents of the configuration files will be the same. I suggest adding a subpackage (either to pam_ldap or nss_ldap - choose package which you think will be used in more cases) named for example ldap-config which would contain just the ldap.conf and ldap.secret files. The nss_ldap and pam_ldap packages can then require this package. (In reply to comment #2) > Is having separate configuration for pam_ldap and nss_ldap really a good idea? > It creates unnecessary hassle for the sysadmins and in 99% of configurations > involving both of these packages the contents of the configuration files will > be the same. I suggest adding a subpackage (either to pam_ldap or nss_ldap - > choose package which you think will be used in more cases) named for example > ldap-config which would contain just the ldap.conf and ldap.secret files. The > nss_ldap and pam_ldap packages can then require this package. The upstream tarballs actually ship default configuration files with different contents. There's nothing stopping an admin from linking the two. Meanwhile, moving the ldap.conf file from one package to the other during an upgrade requires stepping around RPM's built-in handling of %config files, and probably needs to involve triggers -- I just don't want to go there. I'm also wary of people continuing to incorrectly assume that /etc/ldap.conf is some global everything-should-read-this-file-for-ldap-settings file, which it was never supposed to be. Current files are now http://nalin.fedorapeople.org/nss_ldap.spec http://nalin.fedorapeople.org/nss_ldap-265-4.src.rpm http://nalin.fedorapeople.org/pam_ldap.spec http://nalin.fedorapeople.org/pam_ldap-185-4.src.rpm None of the rpmlint warnings/errors are of concern. rpmlint output: pam_ldap.src: W: spelling-error %description -l en_US pam -> map, Pam, pan pam_ldap.src: W: spelling-error %description -l en_US ldap -> lap, leap, adapt pam_ldap.src: W: spelling-error %description -l en_US crypted -> crypt ed, crypt-ed, encrypted pam_ldap.x86_64: W: spelling-error %description -l en_US pam -> map, Pam, pan pam_ldap.x86_64: W: spelling-error %description -l en_US ldap -> lap, leap, adapt pam_ldap.x86_64: W: spelling-error %description -l en_US crypted -> crypt ed, crypt-ed, encrypted pam_ldap.x86_64: E: zero-length /usr/share/doc/pam_ldap-185/NEWS pam_ldap.x86_64: E: non-readable /etc/pam_ldap.secret 0600 pam_ldap.x86_64: W: dangerous-command-in-%pre cp pam_ldap.x86_64: W: dangerous-command-in-%post mv pam_ldap-debuginfo.x86_64: W: spelling-error Summary(en_US) pam -> map, Pam, pan pam_ldap-debuginfo.x86_64: W: spelling-error Summary(en_US) ldap -> lap, leap, adapt pam_ldap-debuginfo.x86_64: W: spelling-error %description -l en_US pam -> map, Pam, pan pam_ldap-debuginfo.x86_64: W: spelling-error %description -l en_US ldap -> lap, leap, adapt 3 packages and 0 specfiles checked; 2 errors, 12 warnings. MUST: A package must own all directories that it creates. If it does not create a directory that it uses, then it should require a package which does create that directory. [13] This package uses /%{_usr}/security but does not have 'Requires: pam' (In reply to comment #5) > MUST: A package must own all directories that it creates. If it does not create > a directory that it uses, then it should require a package which does create > that directory. [13] > This package uses /%{_usr}/security but does not have 'Requires: pam' Adding an explicit requirement on "pam" to these candidates: http://nalin.fedorapeople.org/pam_ldap.spec http://nalin.fedorapeople.org/pam_ldap-185-5.src.rpm With that final change, this review request is approved. New Package CVS Request ======================= Package Name: pam_ldap Short Description: PAM module for LDAP Owners: nalin Branches: devel InitialCC: CVS done (by process-cvs-requests.py). (please use fedora account system name in Owners, not email address) Built pam_ldap-185-5.fc14. Thanks, everyone! |