Re: NIS and /etc/passwd

[David Holland <dholland-tech%netbsd.org@localhost>]

On Sun, Nov 10, 2013 at 10:33:22PM +0100, Joerg Sonnenberger wrote:
 > > Unless you want to remove the features (e.g. being able to select some
 > > but not all accounts from an external source) the complexity is a
 > > given.
 > 
 > NSS can express at least the part of "look into passwd and continue if
 > no match was found". It would be easy to have a NIS config file to
 > express "look for / accept the following users/groups/patterns". As
 > such, I don't see the need for keeping it in /etc/passwd. In fact,
 > having such a filter functionality would likely be useful for a number
 > of data sources.

...yes, yes it would, that's why we have such functionality and why
there's a setting in nsswitch.conf to choose where the "compat" syntax
pulls from.

 > It could certainly make the code much clearer by
 > providing composition of independent modules.

Except that from the administrator's perspective, the password file is
where you configure users. An organization of the implementation that
doesn't match its interface or functional behavior isn't much good,
regardless of how independent or compositional the internal parts may
appear.

If anything I would extend the syntax so you can pull from arbitrary
nss sources, something like

   +[nis]::::::

and restructure the implementation as necessary to make this work
properly.

I suppose I should put this on my list of things to look at.

-- 
David A. Holland
dholland%netbsd.org@localhost