HEADS UP: new NSS
Philip Paeps
philip at paeps.cx
Thu Apr 17 17:50:56 PDT 2003
On 2003-04-17 09:11:33 (-0500), Jacques A. Vidrine <nectar at FreeBSD.org> wrote:
> [Skip to WARNINGs below if you read nothing else.]
I read the rest too :-)
> For the moment, in addition to the NSS core, I am committing completely new
> implementations of the getpwent(3) and getgrent(3) family of functions.
> Please report any anomalies to me directly, as well as on this list.
Just checking: are the new implementations (supposed to be) completely
compatible with the old ones, or should I be expecting 'anomalies'?
> WARNING: The `compat' code was and is very hairy. Users who utilize NIS
> using the old `+::::::' entries in passwd(5) (or exclusion lists, or
> netgroups) should be especially wary. The new code is not bug compatible
> with the old code, but I believe it is correct.
It appears as though this is not completely backward-compatible with the
previous state of affairs. Having no nsswitch.conf and '+:::::::::' in
passwd(5) doesn't allow one to log in, and causes uids not to be turned into
names and vice versa.
Perhaps a default nsswitch.conf should be provided to ensure that people don't
end up not being able to log into their machines :-)
Something like the 'example' from nsswitch.conf(5) seems like a suitable
default, except perhaps without the [notfound=return] bit so that local
entries which aren't necessarily in a NIS map still work (users like sshd,
whose absence causes all sorts of painful reactions from a priviledge
sepparated sshd).
- Philip
--
Philip Paeps Please don't CC me, I am
philip at paeps.cx subscribed to the list.
There is always more dirty laundry then clean laundry.
More information about the freebsd-current
mailing list