pam_unix.so + nsswitch.conf + nis

[Vassilis Vatikiotis]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dominik George wrote:
> Did you follow some how-to that tells you to add +:::: or something like
> that to your passwd and shadow files? If so, NIS requests will be sent
> upon file and compat resolution.
> 

The +::::: notation in passwd/shadow filesis used when the 'compat'
option is used in nsswitch.conf, and I haven't used any 'compat' option
in nsswitch nor the +/- compatibility notation in passwd and shadow files.

It's not needed anyway since glibc supports NIS lookups. The compat
option was used when libc5 without NYS support was used in linux, maybe
a decade ago or something like that.

I suspect it's deeper than this, maybe in the pam_unix.so source. Among
other things I've read about it is that nis support is included in
pam_unix.so and the way to configure is through nsswitch.conf. But it
seems that pam_unix doesn't honor the 'status=action' mechanism in
nsswitch.conf.

Idea maybe:
[It would be so much better (for me at least) if pam_unix had support
**only** for the standard /etc files mechanism and a pam_nis.so existed;
configuring authentication would be the same as pam_ldap (sort of). Bug
55193 in Redhat Bugzilla would be the solution, had there been pam_nis
(working similar to pam_ldap)]

Anyway, I'm willing to dive into source code here. Any cvs link I could
get pam_unix.so source from?

thx
vassilis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGy4tzgUWLzP4xLCERAgqsAJ43bYUd9r2tJAvc7qbl03fBZEANuACeO5dc
OzKhNPgFKnVpr40vB8oOqP8=
=lItr
-----END PGP SIGNATURE-----