Subject: Re: kerberos in 1.5_ALPHA
To: None <current-users@netbsd.org>
From: S.P.Zeidler <spz@serpens.de>
List: current-users
Date: 07/16/2000 12:23:50
Thus wrote Greywolf (greywolf@starwolf.com):
> On Sun, 9 Jul 2000, Izumi Tsutsui wrote:
>
> # In <200007090325.NAA25738@avalon.reed.wattle.id.au>
> # darrenr@reed.wattle.id.au wrote:
>
> ...that I wrote
> #
> # >> I think an even better question is 'why will it not just fall back and change
> # >> the local password when it can't contact kerberos or yp'?
> #
> # > Ah, no. If I set it up for kerberos/yp, I don't want that to happen.
> #
> # I think it should be configurable to enable or disable kerberos
> # at runtime by some configuration files (like passwd.conf/nsswitch.conf).
>
> /me smacks head. "D'OH!" I knew that file was there for something.
> nsswitch.conf rocks well.
It does? I can't say that:
group: files
hosts: files dns
netgroup: files
networks: files
passwd: files
shells: files
prevents passwd from trying to reach a KDC (even though there is none and
there is no indication in the system that there might be one, and there
will be none either).
I think mandatorily including both nis and kerberos is going overboard,
especially as it breaks previous behaviour in "common luser" interface
without much discernible wins, anywhere.
It's somewhat ok if the default distribution provides both, but I want
to be able to get rid of them if I compile my own system.
Also if there is a possibility to at least tell passwd and friends not to
bother trying nis or krb (the mentioning of passwd.conf suggests that), it
would be nice if there was some shred of documentation; currently I find
neither a sample file nor a manpage (can't supply one, too, as I have no
idea what would be in there).
kind regards,
spz
--
spz@serpens.de (S.P.Zeidler)