[Pkg-openldap-devel] r920 - openldap/trunk/debian

Steve Langasek vorlon at alioth.debian.org
Sun Dec 16 12:40:38 UTC 2007 

Author: vorlon
Date: 2007-12-16 12:40:38 +0000 (Sun, 16 Dec 2007)
New Revision: 920

Modified:
   openldap/trunk/debian/changelog
   openldap/trunk/debian/configure.options
Log:
Don't build with LAN Manager password support; these passwords are more
insecure than traditional Unix crypt, and only relevant when talking to
Windows 98.

If someone really needs lanman passwords, then the patch from bug #245341
will also need to be updated and applied, since the existing code doesn't
build with gcrypt; but I strongly advise against re-enabling these password
hashes, as even Samba isn't going to be using them by default anymore in
hardy/lenny and beyond.



Modified: openldap/trunk/debian/changelog
===================================================================
--- openldap/trunk/debian/changelog	2007-12-16 12:30:23 UTC (rev 919)
+++ openldap/trunk/debian/changelog	2007-12-16 12:40:38 UTC (rev 920)
@@ -38,8 +38,11 @@
     phase.
   * Don't stop slapd in the preinst by hand, the prerm already stops the
     old slapd using the standard interfaces.
+  * Don't build with LAN Manager password support; these passwords are more
+    insecure than traditional Unix crypt, and only relevant when talking to
+    Windows 98.
 
- -- Steve Langasek <vorlon at debian.org>  Sun, 16 Dec 2007 03:35:25 -0800
+ -- Steve Langasek <vorlon at debian.org>  Sun, 16 Dec 2007 04:33:49 -0800
 
 openldap2.3 (2.3.39-1) unstable; urgency=medium
 

Modified: openldap/trunk/debian/configure.options
===================================================================
--- openldap/trunk/debian/configure.options	2007-12-16 12:30:23 UTC (rev 919)
+++ openldap/trunk/debian/configure.options	2007-12-16 12:40:38 UTC (rev 920)
@@ -86,7 +86,7 @@
 #--enable-crypt	  enable crypt(3) passwords [no]
 --enable-crypt
 #--enable-lmpasswd	  enable LAN Manager passwords [no]
---enable-lmpasswd
+--disable-lmpasswd
 #--enable-spasswd	  enable (Cyrus) SASL password verification [no]
 --enable-spasswd
 #--enable-modules	  enable dynamic module support [no]

More information about the Pkg-openldap-devel mailing list