Re: NIS and /etc/passwd

[David Holland <dholland-tech%netbsd.org@localhost>]

On Thu, Nov 14, 2013 at 10:40:17PM +0100, Joerg Sonnenberger wrote:
 > > > NSS can express at least the part of "look into passwd and continue if
 > > > no match was found". It would be easy to have a NIS config file to
 > > > express "look for / accept the following users/groups/patterns". As
 > > > such, I don't see the need for keeping it in /etc/passwd. In fact,
 > > > having such a filter functionality would likely be useful for a number
 > > > of data sources. It could certainly make the code much clearer by
 > > > prodiving composition of independent modules.
 > > 
 > > But what it cannot do is "this user account is in NIS, use all the
 > > details but override the users home directory or shell", this can be a
 > > very useful thing to do sometimes.
 > 
 > This sounds like an even worse layering violation :) But again, I see no
 > reason why it should be in the NIS layer nor do I see incomplete records
 > belong into /etc/passwd. This brings me back to the question of what
 > functionality is required and how can it be obtained in a clean way. If
 > it is very useful, it would be desirable i.e. for nss_ldap as well.

In theory you can use it with ldap by setting passwd_compat: ldap in
nsswitch.conf. If this doesn't work, we should restructure until it
does.

-- 
David A. Holland
dholland%netbsd.org@localhost