Trying to think out a hack for NSS and pw(8)
Poul-Henning Kamp
phk at phk.freebsd.dk
Fri Sep 9 20:18:30 UTC 2016
--------
In message <22483.5592.653250.726711 at hergotha.csail.mit.edu>, Garrett Wollman w
rites:
> Puppet invokes pw(8) to actually perform the
>modifications, but I suspect it also uses native code from the Ruby
>standard library to actually do pre-modification lookups.
>[...]
>Looking at the code in both nss-pam-ldapd and libc, it seems like the
>only plausible way to fix this is to add functionality to nsswitch
>which would allow it to use different configurations depending on the
>identity of the process invoking getpwnam(3) or getgrnam(3).
You want to add a futher layer of complications to the the already
far too complicated user/group/authentication code in FreeBSD,
just because you don't want to look at Puppets Ruby code ?
Really ?
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the freebsd-security
mailing list