https://bugzilla.redhat.com/show_bug.cgi?id=753027
--- Comment #11 from Florian Weimer <fweimer(a)redhat.com> ---
(In reply to Mathieu Bridon from comment #9)
(In reply to Florian Weimer from comment #8)
> I don't think libpq (the PostgreSQL client library) is designed to be used
> in a SUID process, so this PAM module is likely not entirely safe to use as
> the system default.
Do you mean you wouldn't recommend to introduce this package in Fedora at
all?
Yes, the implementation needs to be split into a in-process stub and a separate
daemon, like nss-pam-ldapd.
(I still didn't have time to resolve the selinux issues mentioned
in comment
3, which might be an additional concern)
That would also help to address the SELinux issue.
--
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component