Trying to think out a hack for NSS and pw(8)

Garrett Wollman wollman at
Sat Sep 10 03:28:46 UTC 2016

<<On Fri, 09 Sep 2016 20:13:02 +0000, "Poul-Henning Kamp" <phk at> said:

> You want to add a futher layer of complications to the the already
> far too complicated user/group/authentication code in FreeBSD,
> just because you don't want to look at Puppets Ruby code ?

Um, no, that's not remotely what I wrote.

I've spent far more time than is useful looking at Puppet's Ruby code,

What I don't want to do is rewrite pw(8) *and* the Ruby standard
library to have their own passwd(5) implementations to be used just
for managing the sysadmin accounts on a server.

I could tolerate changing pw(8) to give it a "local" flag that means
only look at/manipulate the local files -- except that the C library
doesn't provide any sort of hook for that (yet).  I'm proposing to
implement that hook.  That would at least get me 70% of the way there.


More information about the freebsd-security mailing list