Trying to think out a hack for NSS and pw(8)
wollman at bimajority.org
Sat Sep 10 22:35:57 UTC 2016
<<On Sat, 10 Sep 2016 17:31:02 +1000, Jan Mikkelsen <janm at transactionware.com> said:
> We manage the two separate databases using the -V option to pw, and
> then have a script to merge the two databases into the standard
> local database.
Thanks for the clue; if I can convince Puppet not to use getpwnam(3)
et al then this looks like it will actually be the best option. I
determined experimentally that simply adding "-V /etc" to the pw(8)
command line will completely disable nsswitch and manipulate only the
local passwd database, which is very nearly what I want.
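
An added illustration, not part of the original thread and not the merge script mentioned in the quoted message: one way a merge of two databases kept separately with pw -V could refuse conflicting entries before the result is installed. The "system" and "managed" roles, the refuse-on-collision policy and the sample entries are assumptions constructed here.

```python
# Added example: merge two master.passwd(5)-format databases with collision checks.
# Field layout: name:password:uid:gid:class:change:expire:gecos:home_dir:shell
FIELDS = 10

def parse_master(text, source):
    """Return a list of field lists, rejecting malformed lines."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and comments
        parts = line.split(":")
        if len(parts) != FIELDS:
            raise ValueError(f"{source}:{lineno}: expected {FIELDS} fields, got {len(parts)}")
        if not (parts[2].isdigit() and parts[3].isdigit()):
            raise ValueError(f"{source}:{lineno}: non-numeric uid or gid")
        entries.append(parts)
    return entries

def merge(system_text, managed_text):
    """Append managed entries to system entries.

    Duplicates inside the system database are tolerated (root and toor share
    uid 0), but a managed entry may not reuse a name or uid already present,
    so it can neither shadow a system account nor alias uid 0.
    """
    merged = parse_master(system_text, "system")
    names = {e[0] for e in merged}
    uids = {int(e[2]) for e in merged}
    for e in parse_master(managed_text, "managed"):
        uid = int(e[2])
        if e[0] in names:
            raise ValueError(f"managed entry {e[0]!r}: name already present")
        if uid in uids:
            raise ValueError(f"managed entry {e[0]!r}: uid {uid} already present")
        names.add(e[0])
        uids.add(uid)
        merged.append(e)
    return "".join(":".join(e) + "\n" for e in merged)

# Constructed sample databases (password fields locked with "*").
SYSTEM = ("root:*:0:0::0:0:Charlie &:/root:/bin/csh\n"
          "toor:*:0:0::0:0:Bourne-again Superuser:/root:\n")
MANAGED = ("alice:*:1001:1001::0:0:Alice (constructed):/home/alice:/bin/sh\n"
           "bob:*:1002:1002::0:0:Bob (constructed):/home/bob:/bin/sh\n")

if __name__ == "__main__":
    print(merge(SYSTEM, MANAGED), end="")
```

On FreeBSD the merged text would still have to be turned into the hashed databases with pwd_mkdb(8) before lookups see it.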