[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#8797) improper use of gnutls causes segfault
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8797) improper use of gnutls causes segfault
- From: hyc@symas.com
- Date: Tue, 16 Jan 2018 10:51:55 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
lukas@selfnet.de wrote:
>> PAM should be using nss-pam-ldapd, not calling libldap directly. This
>> is an architectural flaw in both GnuTLS and PAM, not an OpenLDAP bug.
>> This ITS is invalid.
>
> It's called _lib_ldap after all, so are other projects linking against /
> dlopen()ing libldap doing the wrong thing?
PAM should not be polluting the application namespace with libraries that the
application may itself be using. The same type of problems arise if e.g. the
application uses Kerberos and PAM also uses Kerberos, and the application and
PAM want to use different configurations.
The only correct way for a PAM module to work is to never expose its
underlying libraries to the calling application.
This is not an OpenLDAP issue.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/