From owner-freebsd-hackers  Tue Jul 20  4: 3: 0 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from tardis.patho.gen.nz (tardis.patho.gen.nz [203.97.2.226])
	by hub.freebsd.org (Postfix) with ESMTP id 9B50B151AA
	for <freebsd-hackers@FreeBSD.ORG>; Tue, 20 Jul 1999 04:02:54 -0700 (PDT)
	(envelope-from jabley@tardis.patho.gen.nz)
Received: (from jabley@localhost)
	by tardis.patho.gen.nz (8.9.3/8.9.3) id WAA16305;
	Tue, 20 Jul 1999 22:59:30 +1200 (NZST)
Date: Tue, 20 Jul 1999 22:59:30 +1200
From: Joe Abley <jabley@patho.gen.nz>
To: Oscar Bonilla <obonilla@fisicc-ufm.edu>
Cc: Wes Peters <wes@softweyr.com>, Mike Smith <mike@smith.net.au>,
	"David E. Cross" <crossd@cs.rpi.edu>,
	Dag-Erling Smorgrav <des@flood.ping.uio.no>,
	freebsd-hackers@FreeBSD.ORG
Subject: Re: PAM & LDAP in FreeBSD
Message-ID: <19990720225929.A9510@patho.gen.nz>
References: <199907192111.OAA01326@dingo.cdrom.com> <3793ABE0.15090E38@softweyr.com> <19990719180026.A830@fisicc-ufm.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.5i
In-Reply-To: <19990719180026.A830@fisicc-ufm.edu>; from Oscar Bonilla on Mon, Jul 19, 1999 at 06:00:26PM -0600
X-Files: the Truth is Out There
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Jul 19, 1999 at 06:00:26PM -0600, Oscar Bonilla wrote:
> I agree. In solaris (and linux by the way) all you do is set
> passwd 	ldap files
> in /etc/nsswitch.conf
> and that's it.

In Solaris, it's

passwd: ldap files
      ^

nsswitch.conf(4), SunOS 5.5.1:

     ...
     There is an entry in /etc/nsswitch.conf for  each  database.
     Typically  these entries will be simple, such as "protocols:
     files" or "networks: files nisplus".  However, when multiple
     sources  are  specified  it is sometimes necessary to define
     precisely the circumstances under which each source will  be
     tried.  A source can return one of the following codes:

          Status          Meaning
          SUCCESS         Requested database entry was found
          UNAVAIL         Source is not responding or corrupted
          NOTFOUND        Source responded "no such entry"
          TRYAGAIN        Source  is  busy,  might   respond   to
                          retries

     For each status code, two actions are possible:

          Action          Meaning
          continue        Try the next source in the list
          return          Return now

     The complete syntax of an entry is

     <entry>     ::= <database> ":" [<source> [<criteria>]]*
     <criteria>  ::= "[" <criterion>+ "]"
     <criterion> ::= <status> "=" <action>
     <status>    ::= "success" | "notfound" | "unavail" | "tryagain"
     <action>    ::= "return"  | "continue"
     ...

Actually, this message is now bordering on the useful, when all I meant
to be was pedantic. I'll stop now, before I go too far; suffice to say
the Solaris implementation has some other elements worthy of consideration
if compatability is worth aiming for.

It's maybe worth mentioning that /etc/host.conf might be a candidate for
the attic if the Solaris implementation was adopted on a wholesale basis
(i.e. including the "hosts:" key).


Joe



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message