Trying to think out a hack for NSS and pw(8)
Garrett Wollman
wollman at bimajority.org
Sat Sep 10 03:28:46 UTC 2016
<<On Fri, 09 Sep 2016 20:13:02 +0000, "Poul-Henning Kamp" <phk at phk.freebsd.dk> said:
> You want to add a futher layer of complications to the the already
> far too complicated user/group/authentication code in FreeBSD,
> just because you don't want to look at Puppets Ruby code ?
Um, no, that's not remotely what I wrote.
I've spent far more time than is useful looking at Puppet's Ruby code,
TYVM.
What I don't want to do is rewrite pw(8) *and* the Ruby standard
library to have their own passwd(5) implementations to be used just
for managing the sysadmin accounts on a server.
I could tolerate changing pw(8) to give it a "local" flag that means
only look at/manipulate the local files -- except that the C library
doesn't provide any sort of hook for that (yet). I'm proposing to
implement that hook. That would at least get me 70% of the way there.
-GAWollman
More information about the freebsd-security
mailing list