Date:      Mon, 08 Aug 2011 19:40:21 -0700
From:      Doug Barton <dougb@FreeBSD.org>
To:        "Bjoern A. Zeeb" <bz@FreeBSD.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r224674 - head/etc
Message-ID:  <4E409E15.2080708@FreeBSD.org>
In-Reply-To: <5A22B4EF-3B5A-497D-8F7C-8D9EED3F1BE3@FreeBSD.org>
References:  <201108060916.p769Gr4A043462@svn.freebsd.org> <9DDF0DAB-9056-45CD-8CE9-81B621A35B13@nitro.dk> <5A22B4EF-3B5A-497D-8F7C-8D9EED3F1BE3@FreeBSD.org>

This is a multi-part message in MIME format.
--------------000400010700050905030004
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

On 08/08/2011 02:42, Bjoern A. Zeeb wrote:

> Back in the days, when I introduced NO_NIS (which was the name back
> then), I considered both this and something along Ed's initial change
> and I am sure some of the discussions can still be found in the
> archives (from around 2005/-2y).
> 
> While I could never be bothered enough to do the Ed-kind of change,
> it was very clear back then that a change like this was a really bad
> idea as it would break setups left and right. 

Ed's change was perfectly safe since if you're defining WITHOUT_NIS not
having the system depend on NIS is a feature.

> We want to support the
> default compilation base system by default as well.  If people prefer
> to go non-default (WITHOUT_NIS), it's fine to have them make other
> adjustments to alter defaults as well or live with the logging.

A) Your argument is a red herring to start with. Out of the box we don't
support NIS. At minimum you have to enable rpcbind_ and nis_client_, and
set nisdomain. So no matter how you cut it, the system as it shipped by
default prior to my change was broken. Ed's change was an incremental
improvement.

B) The argument that we should ship something broken by default is just
plain stupid. The fact that we've been doing it for a long time isn't an
excuse.

So users who wish to use NIS (of which I am one, btw) already have to
configure it. Asking them to configure one more file out of a default
install is not a huge burden, and will prevent us shipping the system
broken-by-default.

However, to make things more clear I'm suggesting the attached, which
has the UPDATING entry and a note for etc/defaults/rc.conf so that users
who need to configure NIS will know that they need to make this change too.

For those who are upgrading an existing installation I have no sympathy
for blindly installing new files into /etc.

> The solution as is now is even more confusing as both Ed and Doug
> have missed to update the man page to clarify the new behaviour.

It's not clear to me exactly what needs changing (and I did review the
man page several times before making my patch). It describes the default
behavior if the file does not exist, but I'm not sure how that's
relevant? If you have suggestions for changes I'd be glad to take a look.

> I also do not like the longerish version of the file now

Seriously?

> and the new 
> description is only talking about nis but ignoring all other
> sources, which we do not provide samples for, for the inconvenience
> of people wanting to use those.

NIS is already a minority of our users. I'm sure anyone who is using
anything else that's relevant to nsswitch.conf is already well aware of
how to configure it. However, if you have suggestions for improving that
comment that's fine. It might make the file longer though. :)


Doug

-- 

	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)  http://SupersetSolutions.com/


--------------000400010700050905030004
Content-Type: text/plain;
 name="nis.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="nis.diff"

Index: UPDATING
===================================================================
--- UPDATING	(revision 224688)
+++ UPDATING	(working copy)
@@ -22,6 +22,10 @@
 	machines to maximize performance.  (To disable malloc debugging, run
 	ln -s aj /etc/malloc.conf.)
 
+20110806:
+	Prior versions of nsswitch.conf explicitly enabled NIS lookup of group,
+	passwd, and services information.  It is now disabled by default.
+
 20110628:
 	The packet filter (pf) code has been updated to OpenBSD 4.5.
 	You need to update userland tools to be in sync with kernel.
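Review bot: the new 20110806 entry says NIS lookup "is now disabled by default" but gives no action for sites that depend on it. A host that is a working NIS client and takes the new /etc/nsswitch.conf during an upgrade stops consulting NIS for group, passwd and services, so the entry should tell those sites to keep or restore the NIS sources in /etc/nsswitch.conf when merging /etc, and point at nsswitch.conf(5) for the syntax.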
Index: etc/defaults/rc.conf
===================================================================
--- etc/defaults/rc.conf	(revision 224688)
+++ etc/defaults/rc.conf	(working copy)
@@ -363,6 +363,7 @@
 				# Flags to ntpd (if enabled).
 
 # Network Information Services (NIS) options: All need rpcbind_enable="YES" ###
+# Adust /etc/nsswitch.conf appropriately as well
 nis_client_enable="NO"		# We're an NIS client (or NO).
 nis_client_flags=""		# Flags to ypbind (if enabled).
 nis_ypset_enable="NO"		# Run ypset at boot time (or NO).
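Review bot: typo in the added comment line, "Adust" should be "Adjust". The comment also does not say what to adjust or why; something like "# Adjust /etc/nsswitch.conf to enable NIS lookups as well, see nsswitch.conf(5)" tells a reader who only sees this file that the rc.conf knobs alone no longer turn NIS lookups on.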

--------------000400010700050905030004--
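
The dependency argued over in this message (rpcbind, nis_client, the NIS domain and /etc/nsswitch.conf all have to agree) can be checked mechanically. The script below is an added example, not part of the original message or the FreeBSD tree; the helper names are hypothetical, the sample files are constructed, and `nisdomainname` is assumed to be the rc.conf variable behind the message's "nisdomain".

```shell
#!/bin/sh
# Added example; helper names are hypothetical, sample files are constructed.
# Last value assigned to variable $2 in rc.conf-style file $1.
rc_value() {
    awk -F= -v k="$2" '$1 == k { v = $2; sub(/[ \t]*#.*/, "", v)
        gsub(/"/, "", v); r = v } END { print r }' "$1"
}

# Succeed if database $2 in nsswitch.conf $1 reaches NIS, directly or via compat.
db_uses_nis() {
    awk -v db="$2" '{ sub(/#.*/, "") }
        $1 == (db ":") { for (i = 2; i <= NF; i++) {
            if ($i == "nis") direct = 1; if ($i == "compat") compat = 1 } }
        $1 == (db "_compat:") { for (i = 2; i <= NF; i++) if ($i == "nis") via = 1 }
        END { exit !(direct || (compat && via)) }' "$1"
}

is_yes() { case $1 in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac; }

# Print findings for rc.conf $1 and nsswitch.conf $2; return 0 when consistent.
nis_check() {
    rc=$1; nss=$2; problems=0; used=""
    for db in group passwd services; do
        if db_uses_nis "$nss" "$db"; then used="$used $db"; fi
    done
    if is_yes "$(rc_value "$rc" nis_client_enable)"; then
        [ -n "$used" ] ||
            { echo "nis_client_enable=YES but nsswitch.conf never consults NIS"; problems=$((problems + 1)); }
        is_yes "$(rc_value "$rc" rpcbind_enable)" ||
            { echo "rpcbind_enable is not YES"; problems=$((problems + 1)); }
        case $(rc_value "$rc" nisdomainname) in   # assumed variable name
            ""|NO) echo "nisdomainname is not set"; problems=$((problems + 1)) ;;
        esac
    elif [ -n "$used" ]; then
        echo "NIS consulted for:$used, but nis_client_enable is not YES"
        problems=1
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample: an NIS client whose nsswitch.conf has no NIS source.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'rpcbind_enable="YES"' 'nis_client_enable="YES"' \
        'nisdomainname="example.test"' > "$d/rc.conf"
    printf '%s\n' 'group: files' 'passwd: files' 'services: files' > "$d/nsswitch.conf"
    nis_check "$d/rc.conf" "$d/nsswitch.conf"; status=$?
    rm -rf "$d"; return "$status"
}
demo || echo "rc.conf and nsswitch.conf disagree about NIS"
```

The two mismatches it reports correspond to the two sides of the thread: NIS sources in nsswitch.conf on a host with no NIS client, and an NIS client whose nsswitch.conf no longer lists NIS.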


