From 94d9c76e4acc798894ea23d9ac049ce7ce995ec0 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Mon, 6 Jul 2020 20:20:44 +0200 Subject: nss: Remove cryptographic key support from nss_files, nss_nis, nss_nisplus The interface has hard-coded buffer sizes and is therefore tied to DES. It also does not match current practice where different services on the same host use different key material. This change simplifies removal of the sunrpc code. --- NEWS | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 03e82d8adc..d7282b4ad5 100644 --- a/NEWS +++ b/NEWS @@ -104,6 +104,12 @@ Deprecated and removed features, and other changes affecting compatibility: or contents might be overwritten on subsequent calls in the same thread or if the thread is terminated. It makes strerror MT-safe. +* The "files", "nis" and "nisplus" NSS modules no longer supports the + "key" database (used for secure RPC). The contents of the + /etc/publickey file will be ignored, regardless of the settings in + /etc/nsswitch.conf. (This method of storing RPC keys only supported + the obsolete and insecure AUTH_DES flavor of secure RPC.) + Changes to build and runtime requirements: * powerpc64le requires GCC 7.4 or newer. This is required for supporting -- cgit 1.4.1