Date: Mon, 16 Jul 2007 14:06:43 -0400 From: Tom McLaughlin <tmclaugh@sdf.lonestar.org> To: ports@freebsd.org Subject: PLEASE TEST: sudo-1.6.9 Message-ID: <1184609203.16067.54.camel@localhost>
next in thread | raw e-mail | index | archive | help
Hi all, After nearly 2 years sudo 1.6.9 should be released very shortly. The two things I've been excited about is group order in nsswitch no longer matters when trying to use group based permissions and SASL support has been added when using LDAP based rules. I've been using the RCs for the past few weeks and so far the only issue I've seen is some SASL related problems. (More on that later.) Before I commit an update to the port I'd like to get a little feedback. From looking at UPGRADING and CHANGES a lot of work has gone into this new release. Environment handling has been heavily redone. I don't want hate mail from people if their stuff breaks so here's your chance... http://people.freebsd.org/~tmclaugh/files/sudo-1.6.9.r4.diff As for SASL support, I'm having a problem when sasl_auth_id is set in ldap.conf which is causing sudo to fail to authenticate when attempting to bind to LDAP while nss_ldap shows no issues. (By the way, should I change sudo to use nss_ldap.conf instead of ldap.conf since that's what nss_ldap installs and the file is meant to be shared? Maybe make this configurable?) Can someone explain to me how sasl_auth_id works in nss_ldap? It seems to have no effect on my setup here. I can set it to a totally bogus value and it works just fine. I've tried with versions 255 and the new 256. I'd be curious to here from other sudo+ldap users how the SASL support works for them. Thanks. tom -- | tmclaugh at sdf.lonestar.org tmclaugh at FreeBSD.org | | FreeBSD http://www.FreeBSD.org |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1184609203.16067.54.camel>