Trying to think out a hack for NSS and pw(8)

Garrett Wollman wollman at
Sat Sep 10 22:35:57 UTC 2016

<<On Sat, 10 Sep 2016 17:31:02 +1000, Jan Mikkelsen <janm at> said:

> We manage the two separate databases using the -V option to pw, and
> then have a script to merge the two databases into the standard
> local database.

Thanks for the clue; if I can convince Puppet not to use getpwnam(3)
et al then this looks like it will actually be the best option.  I
determined experimentally that simply adding "-V /etc" to the pw(8)
command line will completely disable nsswitch and manipulate only the
local passwd database, which is very nearly what I want.


More information about the freebsd-security mailing list