Re: Recent commits in stable 389ds branches - discussion

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


>>> 3) A new default plugin requirement, the plugin being written in Rust - probably
>>> its introduction is FIPS-related (Issue 3584 - Fix PBKDF2_SHA256 hashing in
>>> FIPS mode).
>> This was a very important fix to get into 1.4.4, usually big changes do not land
>> in 1.4.4 anymore, but this one needed to get in.
> 
> This change was about the C code, not Rust code if I recall correctly, since
> that's the inbuilt PBKDF2_SHA256 module, not the pwdchan one with openldap
> compat. The RUST pbkdf2 module has existed since early 1.4.4 and that's needed
> for openldap migration which we at SUSE enable by default (I don't think RH do
> yet).

the changes in dse.ldif in that issue (3584) made libpwdchan-plugin required for the server (new entries in in cn=Password Storage Schemes,cn=plugins,cn=config).

> 
> 
>>> See my comment
>>> https://github.com/389ds/389-ds-base/issues/5008#issuecomment-983759224. Rust
>>> becomes a requirement for building the server, which is fine, but then it
>>> should be enabled by default in "./configure". Without it the server does not
>>> compile the new plugin and complains about it when starting:
>>> [01/Dec/2021:12:54:04.460194603 +0100] - ERR - symload_report_error - Could not
>>> open library "/Local/dirsrv/lib/dirsrv/plugins/libpwdchan-plugin.so" for plugin
>>> PBKDF2
>> Yes I do understand this frustration, and it is now fixed for non-rust builds.
> 
> I think this error specifically came about if you did a rust build, then you
> took rust away, it created some leftovers in dse.ldif I think (?).
No, actually i have never installed rust on any of our production or build servers. dse.ldif now integrates by default rust-written plugins but --enable-rust is not a default option in ./configure, that was in fact the problem.


Thank you, William!

Sincerely,
Andrey
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux