Red Hat Bugzilla – Bug 166749
RFE: please split libs and daemons
Last modified: 2007-11-30 17:11:12 EST
Description of problem:
on x86_64 the i386 version of libsasl2.so.2 is needed for the i386 openldap,
which in turn is needed by openoffice.org
But because the cyrus-sasl package contains both libs and daemons, it in itself
brings in more (unneeded) dependencies. To be more precise it brings in pam,
which in turn brings in cracklib.
I believe this split makes sense on every arch, since almost any setup needs the
libs, and almost no seyup needs the daemon (AFAIK).
The server half of the PLAIN and LOGIN plugins call the sasl_checkpass()
function to check user passwords. Applications which link with libsasl2 can do
The pwcheck_method can point to saslauthd, so my only qualm about splitting
things up is that you could end up with an application attempting to use
saslauthd in a case where saslauthd isn't installed.
I already was afraid that there might be something like that under the hood. You
say: "the pwcheck_method can point to saslauthd", when does it do it, is this
configuration dependent (and in that case what does it do with the default cfg)
or is this dependent on program using libsasl provided info?
It's dependent on the configuration of whichever server is using libsasl2,
usually set in /usr/lib/sasl2/<app>.conf. But it's the default configuration
which we include for the MTAs (so that they can do PLAIN -- pam_unix doesn't let
you check another user's password unless you're executing as root, but saslauthd
runs as root).
It would be hard to ensure that saslauthd was pulled in on upgrades in scenarios
where it's needed if we moved it to a subpackage. We could move libsasl2 to a
subpackage (cyrus-sasl-libs, ugh), so that upgrades would pull in the new
subpackage as a dependency, but there's still the other thing -- adding an
explicit dependency would probably solve that -- the x86_64 saslauthd should
work just as well for an i386 libsasl2 trying to use it because the protocol is
not word-size dependent. So I guess it's really the ugh factor.
Thanks, after upgrading I could successfully remove pam and cracklib.
OTOH though, the x86_64 version of cyrus-sasl (daemon) now also drags in
libpq.so (postgres-libs) and libmysqlclient.so, which drags in complete mysql,
which is kinda bad!
Maybe mysql needs to be split in server and libs too, esp if packages like
cyrus-sasl are going to require the lib.