[PC-BSD Testing] System Ports Clobbering and LDAP oh my!

Eric Crist ecrist at secure-computing.net
Tue Jun 5 11:35:13 PDT 2012


Kris, all,

I was asked to post this here, so please feel free to direct all flames toward Dru.  It's her fault. :)

We have a couple PC-BSD systems that were installed and configured back in the middle of December, 2011.  The configuration included all my rain dances to get LDAP configured for authentication, groups, and sudo.  Today, upon doing whatever updates were needed between December 15 and now, all of our PAM configs were reset, and a series of ports we installed in base were removed.  This includes pam_ldap, nss_ldap, pam_mkhomedir, and others.

I think the update procedure should do something similar to mergemaster, and if a file has been changed, leave it alone.  The end result today was a user, after applying system updates, could not get into their own system.  We do not give out the system root credentials.

Please let me know what the canonical way to do these configurations is, or what I can do to help you develop an update mechanism that is a bit more safe.

Cheers
-----
Eric F Crist
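
The "if a file has been changed, leave it alone" behaviour requested in the message above, sketched as an added example that is not part of the original post and is not PC-BSD's updater code. The function name `update_conf`, its arguments and the state directory layout are hypothetical; it assumes the updater keeps a copy of each config file it shipped last time.

```sh
#!/bin/sh
# Added example (hypothetical helper, not PC-BSD code).
# update_conf NEW TARGET STATE_DIR
#   NEW        config file shipped by the update
#   TARGET     installed config file (for example a PAM service file)
#   STATE_DIR  where the copy shipped by the previous update is kept
# Prints one of: installed | updated | kept
update_conf() {
    new=$1 target=$2 state=$3
    # Encode the full path so files with the same basename do not collide.
    key=$(printf '%s' "$target" | tr '/' '_')
    pristine="$state/$key"
    mkdir -p "$state" || return 1

    if [ ! -e "$target" ]; then
        # Nothing installed yet: install the shipped file and remember it.
        cp "$new" "$target" && cp "$new" "$pristine" || return 1
        echo installed
    elif [ -e "$pristine" ] && cmp -s "$target" "$pristine"; then
        # Installed file is byte-identical to what was shipped last time,
        # so the administrator never edited it: safe to replace.
        cp "$new" "$target" && cp "$new" "$pristine" || return 1
        echo updated
    else
        # Locally modified, or no record of what was shipped: leave the
        # installed file alone and stage the new version for a manual merge.
        cp "$new" "$target.new" || return 1
        echo kept
    fi
}
```

With this policy a locally edited PAM file survives the update untouched, and the shipped version lands beside it as `TARGET.new` for review.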


