The main aspect of this module consists in defining a new domain for the confinement of this PAM module. I created this module because, when I used the PamLDAP extension for remote authentication, I discovered that it used sensitive information for LDAP connections. The module aims to protect this data. Reproducible: Always. See proposed patches at http://aispirit.tuxfamily.org/bugs/pdf/pamldap_en-1.0.pdf (English version). The SELinux module is available at http://aispirit.tuxfamily.org/bugs/patches/pamldap_1.0-selinux.rar Note that this patch is only a draft and that it has not yet been approved by the hardened-gentoo community.
Closing stale bugs. Referenced URLs are invalid too.
Same closing remark as for previous bug 199298 (to maintain valid links). The URLs have been changed for the patches to http://www.julienthomas.eu/bugs/patches/. However, the proposed module was valid for Linux 2.6.20-hardened-r5 (2007!). I will, if I have time, look at the new policies to see if the module is still valid. Best Regards, Julien Thomas