Subject: Re: Hesiod passwd entries and login classes -- don't seem to mix?
To: Greg Hudson <ghudson@MIT.EDU>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 02/08/2000 11:19:19
Cc: current-users@netbsd.org, tech-security@netbsd.org
Message-ID: <20000208111919.A18338@rek.tjls.com>
Reply-To: tls@rek.tjls.com
References: <B4C54236.2A12%gadams@avernus.com> <200002081514.KAA13682@small-gods.mit.edu>
In-Reply-To: <200002081514.KAA13682@small-gods.mit.edu>; from ghudson@MIT.EDU on Tue, Feb 08, 2000 at 10:14:20AM -0500
On Tue, Feb 08, 2000 at 10:14:20AM -0500, Greg Hudson wrote:
> > This sounds like a perfect use for the new login.conf mechanism,
> > using user classes. Great! But, from looking in
> > lib/libc/gen/getpwent.c (and from trying it), there seems to be no
> > way for libc to fetch the three new-style passwd fields via Hesiod.
> > getpwent assumes Hesiod entries are in the old passwd format.
>
> Yeah, you're not the first one to want the new-style passwd fields in
> Hesiod (although you might be the second). If the passwd map were in
> an extensible format, it would be more feasible.
Put me down as the third, then.
Though we have trouble here with people forging DNS responses. If I
start using Hesiod I will also probably have to start using secure
DNS, to avoid nastiness like people's shells being 'overridden'.
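The two points raised in this thread, as an added example that is not part of the original message or of NetBSD's getpwent.c: a parser that accepts a passwd record in either the old 7-field layout or the 10-field BSD layout (name:passwd:uid:gid:class:change:expire:gecos:dir:shell), and refuses any record whose shell is not on a local allowlist, so that a forged answer cannot substitute an arbitrary shell. Assumptions: the 10-field Hesiod record is hypothetical, and the names `hes_pw`, `parse_hes_passwd`, the allowlist and the sample record are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
struct hes_pw {                          /* fields point into the caller's buffer */
    const char *name, *passwd, *pw_class, *gecos, *dir, *shell;
    long uid, gid, change, expire;
};

/* Constructed allowlist standing in for the host's /etc/shells. */
static const char *ok_shells[] = { "/bin/sh", "/bin/csh", "/bin/ksh", NULL };

static int shell_allowed(const char *sh) {
    for (int i = 0; ok_shells[i]; i++)
        if (strcmp(sh, ok_shells[i]) == 0) return 1;
    return 0;
}

/* Split buf in place on ':'. 0 = ok, -1 = malformed, -2 = shell rejected. */
int parse_hes_passwd(char *buf, struct hes_pw *pw) {
    char *f[10], *end;
    int n = 0;
    f[n++] = buf;
    for (char *p = buf; *p; p++) {
        if (*p != ':') continue;
        if (n == 10) return -1;          /* more fields than either format */
        *p = '\0';
        f[n++] = p + 1;
    }
    if (n != 7 && n != 10) return -1;
    int x = (n == 10) ? 3 : 0;           /* new-style adds class:change:expire */
    memset(pw, 0, sizeof *pw);
    pw->name = f[0]; pw->passwd = f[1];
    pw->uid = strtol(f[2], &end, 10);
    if (end == f[2] || *end || pw->uid < 0) return -1;
    pw->gid = strtol(f[3], &end, 10);
    if (end == f[3] || *end || pw->gid < 0) return -1;
    pw->pw_class = x ? f[4] : "";        /* old-style record: default class */
    pw->change = x ? strtol(f[5], NULL, 10) : 0;
    pw->expire = x ? strtol(f[6], NULL, 10) : 0;
    pw->gecos = f[4 + x]; pw->dir = f[5 + x]; pw->shell = f[6 + x];
    if (pw->name[0] == '\0') return -1;
    return shell_allowed(pw->shell) ? 0 : -2;
}

int main(void) {
    /* Constructed record whose shell is outside the allowlist. */
    char rec[] = "alice:*:1001:100:staff:0:0:Alice:/home/alice:/tmp/x";
    struct hes_pw pw;
    printf("%d\n", parse_hes_passwd(rec, &pw));
    return 0;
}
```

The allowlist only limits what a forged record can select; it does not authenticate the DNS answer itself.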