I received a note recently from David Mitchell about a possible case where login may be allowed
without a password using the PAM configuration given in my LDAP authentication on Debian Sarge
howto. This was due to terminating the common-account file with
requiring the pam_permit.so module. If an authentication module listed before this returns an
error rather than a failure, pam_permit.so may proceed and allow the user to log in with invalid
credentials. Though I was not able to get into my own machines configured this way without a valid
password, I've gone ahead and updated the configs listed in that howto to use pam_deny.so to deny
access unless a previous module succeeds. If you used my howto for configuring your own machines for
LDAP auth, you might want to take a look at the updated page and
modify your PAM configuration as appropriate. Thanks, David!
September 2006 Archives
I've put out a couple of Debian and Ubuntu packages. One is for Splat, and the other is for Drawterm. Getting packages into Ubuntu doesn't seem too hard; I went through the process of uploading to Revu and the Drawterm package is now in Edgy. My Splat package has one advocate, but needs one more. If you're an Ubuntu MOTU, please consider being an advocate for my upload!.
My Debian packages, on the other hand, have apparently been totally ignored by people who could actually get them added to Debian. I filed an ITP bug on one and switched an old RFP bug on the other into an ITP quite some time ago. The bug reports list where the packages can be downloaded and the other relevant information Debian docs say to put in there, I posted to the debian-mentors mailing list, and even posted on sponsors.debian.net for both. No maintainer wants to sponsor my packages, it seems.
How does one get packages into Debian? Do you have to go through the effort of making it (it is not trivial) and just pray that a maintainer is interested enough to sponsor your package? If you have any insight as to how I can get these packages into Debian, I'd love to hear it (snb@moduli.net). I'm considering just giving up completely on trying to get anything into Debian again. Perhaps if I make Ubuntu packages they will be eventually ported to Debian or something.
I've also produced a couple of ports for FreeBSD, and I must say those are way, way easier to get a committer to add to the ports tree. The port itself is pretty easy to create, and then you just file a PR and someone generally commits your port within a few days.
