tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: mail.local NSS awareness

On Tue, Apr 29, 2008 at 08:25:41PM +1000, Luke Mewburn wrote:
> POSIX doesn't document that getpwnam() can fail with EAGAIN or ETIMEDOUT;
> I think you'd be relying upon implementation-specific values.

Right, then that means that it is just impossible to comply with the
standard and have a reliable mail.local using NSS.

> Arguably the retry after temporary failure could be dealt with via
> the nsswitch.conf interface
> which could be used to force retries on temporary failures "forever"
> or for "n" retries.

Both alternative will cause problems with a mail server where the NSS's
passwd source may fail (LDAP is the most widespread example)
- If NSS retries forever then you'll fill the process table with mail.local
instances as the MTA will try to get messages delivered. 
- If NSS retries n times and finally give up with errno = 0, then 
mail.local cannot report the temporary failure.

My conclusion is that NSS passwd sources must be reimplemented into 
mail.local in order to acheive reliability and standard conformance. If 
you use LDAP, you need a LDAP-aware mail.local. This is a shame, since
it defeats the prupose of NSS.

Emmanuel Dreyfus

Home | Main Index | Thread Index | Old Index