Re: HEADS UP: new NSS

From: Philip Paeps <philip_at_paeps.cx>
Date: Fri, 18 Apr 2003 02:50:43 +0200
On 2003-04-17 09:11:33 (-0500), Jacques A. Vidrine <nectar_at_FreeBSD.org> wrote:
> [Skip to WARNINGs below if you read nothing else.]

I read the rest too :-)

> For the moment, in addition to the NSS core, I am committing completely new
> implementations of the getpwent(3) and getgrent(3) family of functions.
> Please report any anomalies to me directly, as well as on this list.

Just checking: are the new implementations (supposed to be) completely
compatible with the old ones, or should I be expecting 'anomalies'?

> WARNING: The `compat' code was and is very hairy.  Users who utilize NIS
> using the old `+::::::' entries in passwd(5) (or exclusion lists, or
> netgroups) should be especially wary.  The new code is not bug compatible
> with the old code, but I believe it is correct.

It appears as though this is not completely backward-compatible with the
previous state of affairs.  Having no nsswitch.conf and '+:::::::::' in
passwd(5) doesn't allow one to log in, and causes uids not to be turned into
names and vice versa.

Perhaps a default nsswitch.conf should be provided to ensure that people don't
end up not being able to log into their machines :-)

Something like the 'example' from nsswitch.conf(5) seems like a suitable
default, except perhaps without the [notfound=return] bit so that local
entries which aren't necessarily in a NIS map still work (users like sshd,
whose absence causes all sorts of painful reactions from a priviledge
sepparated sshd).

 - Philip

-- 
Philip Paeps                                          Please don't CC me, I am
philip_at_paeps.cx                                       subscribed to the list.

  There is always more dirty laundry then clean laundry.
Received on Thu Apr 17 2003 - 15:50:55 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:04 UTC