From owner-freebsd-questions@FreeBSD.ORG Mon Sep 27 17:48:45 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3E39516A4CE for ; Mon, 27 Sep 2004 17:48:45 +0000 (GMT) Received: from mail.seekingfire.com (coyote.seekingfire.com [24.72.10.212]) by mx1.FreeBSD.org (Postfix) with ESMTP id 13DC643D46 for ; Mon, 27 Sep 2004 17:48:45 +0000 (GMT) (envelope-from tillman@seekingfire.com) Received: by mail.seekingfire.com (Postfix, from userid 500) id C98ED3A4; Mon, 27 Sep 2004 11:48:44 -0600 (CST) Date: Mon, 27 Sep 2004 11:48:44 -0600 From: Tillman Hodgson To: FreeBSD-Questions Message-ID: <20040927174844.GC83726@seekingfire.com> References: <20040927164329.GA83726@seekingfire.com> <20040927170641.GB90839@dan.emsphone.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040927170641.GB90839@dan.emsphone.com> X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to . X-GPG-Key-ID: 828AFC7B X-GPG-Fingerprint: 5584 14BA C9EB 1524 0E68 F543 0F0A 7FBC 828A FC7B X-GPG-Key: http://www.seekingfire.com/gpg_key.asc X-Urban-Legend: There is lots of hidden information in headers User-Agent: Mutt/1.5.6i Subject: Re: nsswitch.conf: How does one use netgroups/over-ride passwd fields? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Sep 2004 17:48:45 -0000 On Mon, Sep 27, 2004 at 12:06:41PM -0500, Dan Nelson wrote: > In the last episode (Sep 27), Tillman Hodgson said: > > I've been poking through the nsswitch.conf manpage in preparation for > > moving some machiens to 5.3 (from 4.10). This machines participate in > > an NIS domain which uses netgroups. It also over-rides passwd fields > > (like the shell field) in certain cases. > > > > How does one do that with nsswitch.conf if I want to avoid compat mode? > > I don't think you can. netgroups (and +/- records and field > overriding) only make sense in compat mode. passwd and group both > default to "compat", and passwd_compat and group_compat both default to > "nis", so you shouldn't have to make any changes to nsswitch.conf. I know that nsswitch.conf defaults to traditional behaviour (compat mode). The non-compat modes are intriguing, though, and I don't know much about them. So I thought I'd see if I can get traditional behaviour through the newer mechanisms. This might make migrations (for example) a bit easier. The field over-riding makes sense (and I can work around it easily enough). Netgroups seems important though, especially since NIS doesn't do multiple domains. Something like this is what I was hoping could be made to work: passwd: nis [notfound=return,netgroup=dept1,dept2,admins] files Possibly I'm missing a point somewhere :-) What is it about netgroups that don't make sense in an nsswitch.conf world? -T -- It used to be said [...] that AIX looks like one space alien discovered Unix, and described it to another different space alien who then implemented AIX. But their universal translators were broken and they'd had to gesture a lot. - A.S.R. quote (Paul Tomblin)