pam_unix.so + nsswitch.conf + nis
Steve Langasek
vorlon at debian.org
Wed Aug 22 01:15:17 UTC 2007
On Wed, Aug 22, 2007 at 04:03:48AM +0300, Vassilis Vatikiotis wrote:
> Dominik George wrote:
> > Did you follow some how-to that tells you to add +:::: or something like
> > that to your passwd and shadow files? If so, NIS requests will be sent
> > upon file and compat resolution.
> The +::::: notation in passwd/shadow filesis used when the 'compat'
> option is used in nsswitch.conf, and I haven't used any 'compat' option
> in nsswitch nor the +/- compatibility notation in passwd and shadow files.
> It's not needed anyway since glibc supports NIS lookups. The compat
> option was used when libc5 without NYS support was used in linux, maybe
> a decade ago or something like that.
> I suspect it's deeper than this, maybe in the pam_unix.so source. Among
> other things I've read about it is that nis support is included in
> pam_unix.so and the way to configure is through nsswitch.conf. But it
> seems that pam_unix doesn't honor the 'status=action' mechanism in
> nsswitch.conf.
pam_unix doesn't look at nsswitch.conf at all. It "honors" the file only by
way of its effects on the behavior of the various glibc NSS functions (such
as getpwnam()).
> Anyway, I'm willing to dive into source code here. Any cvs link I could
> get pam_unix.so source from?
http://sourceforge.net/projects/pam
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon at debian.org http://www.debian.org/
More information about the Pam-list
mailing list