Date:      Thu, 20 Jul 95 12:26:21 MDT
From:      terry@cs.weber.edu (Terry Lambert)
To:        wpaul@skynet.ctr.columbia.edu (A boy and his worm gear)
Cc:        iidpwr@lightlink.satcom.net, jim@reptiles.org, hackers@freebsd.org
Subject:   Re: getpwent() YP/NIS bugu
Message-ID:  <9507201826.AA02637@cs.weber.edu>
In-Reply-To: <199507201557.LAA03486@skynet.ctr.columbia.edu> from "A boy and his worm gear" at Jul 20, 95 11:57:56 am

> > The "real problem" (tm) is that once it sees the "+" it shouldn't care
> > about the rest of it.
> > 
> > The place this is broken is in the pwmkdb, which should assume the rest
> > to the end of the line *for you* when you put in a naked '+:'
> > (not just a naked '+', followed by anything, since netgroups are
> > identified that way).
> 
> I'm sorry Terry, but I can't parse this to save my life. The only difference
> between FreeBSD's magic NIS override handling and SunOS's handling (that I
> can tell from looking at the Sun man pages and observing SunOS's behavior)
> is that FreeBSD remaps the UID and GID fields and SunOS doesn't. (There's
> another difference which is that FreeBSD will also remap the extra
> fields in master.passwd-style password files, but since there is no
> direct analogue to master.passwd in SunOS, it's difficult to say whether
> this behavior is correct or not.)

Start paddling, then 8-).

The BSD problem is that there is no manual.  This wouldn't really be a
problem, except that:

> The wildcard entry (+::0:0::: in SunOS or +::::::::: in FreeBSD) should 
> _not_ require any special handling in pwd_mkdb. It's just another magic 
> NIS entry like all the others, except, being a wildcard, it matches 
> against everybody. You don't believe me? Go to any NIS client machine and 
> change +::0:0::: to +:*:0:0::: and see what happens; all NIS users 
> will have '*' as their password. Now go to FreeBSD and do the same thing;
> again, all passwords will be remapped to '*'.

The BSD mechanism doesn't match anyone's mechanism for which there is a
manual.  This would probably be fixable at system configuration time
if there was a way to ask about NIS and add the entries without user
intervention and the need for "magic" knowledge.

One possible mechanism is "NIS" and "NONIS" arguments to pwmkdb and
never exporting the NIS stuff to user editable fields.  This isn't a
general solution unless there's a "vigroup" to go with "vipw", or
the following suggestion is implemented to change library behaviour
without any passwd/group file entries at all:

> The only way I can see to resolve this is to create an /etc/nis.conf file
> that lets you configure FreeBSD's NIS behavior just like /etc/host.conf
> lets you configure the resolver.

Now *this* is a good idea.

> nis_use_master_passwd_maps=yes
> nis_freebsd_style_netgroups=yes
> nis_remap_all_passwd_fields=yes
> 
> Those are the three main issues I can think of for now. If people
> think this is a good idea, now's the time to speak up so that I can
> start working on it and get all the man pages in order. Suggestions
> for other options would be welcome too.

# Set this to 'yes' if you want to have NIS propagate long UID and GID
# fields.  This should be set to 'no' if you have even one single machine
# in your NIS domain that uses 16 bit UID or GID fields!
#
nis_allow_big_ids=no


					Terry Lambert
					terry@cs.weber.edu
---
Any opinions in this posting are my own and not those of my present
or previous employers.
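
The override merge discussed in this thread, modelled as an added example that is not part of the original message and is not FreeBSD or SunOS code. The function names, the sample entry, and the rule that any non-empty override field counts as a remap are assumptions; it shows which fields a `+` line would substitute with and without UID/GID remapping.

```python
# Added example: models the '+' override merge as described in the thread.
# Not libc code; "any non-empty override field is a remap" is an assumption.
PASSWD = ("name", "passwd", "uid", "gid", "gecos", "dir", "shell")
MASTER = ("name", "passwd", "uid", "gid", "class", "change", "expire",
          "gecos", "dir", "shell")

def parse(line):
    """Split a passwd (7-field) or master.passwd (10-field) line by name."""
    parts = line.rstrip("\n").split(":")
    for layout in (PASSWD, MASTER):
        if len(parts) == len(layout):
            return dict(zip(layout, parts))
    raise ValueError(f"unexpected field count {len(parts)}: {line!r}")

def remapped_fields(override_line, remap_ids):
    """List the fields a '+' override line would substitute."""
    ov = parse(override_line)
    if not ov["name"].startswith("+"):
        raise ValueError("not a '+' override entry")
    skip = {"name"} | (set() if remap_ids else {"uid", "gid"})
    return [f for f, v in ov.items() if v and f not in skip]

def apply_override(nis_line, override_line, remap_ids):
    """Merge one override into one NIS-supplied entry.

    remap_ids=False: uid/gid in the override are ignored (SunOS, per thread).
    remap_ids=True:  uid/gid are substituted too (FreeBSD, per thread).
    """
    fields = remapped_fields(override_line, remap_ids)  # also validates '+'
    user, ov = parse(nis_line), parse(override_line)
    target = ov["name"][1:]              # empty string means wildcard
    if target.startswith("@"):
        raise NotImplementedError("netgroup entries are out of scope here")
    if target and target != user["name"]:
        return user                      # override names a different user
    for f in fields:
        if f in user:                    # 7-field entry has no class/change/expire
            user[f] = ov[f]
    return user

# Constructed sample entry, as a NIS map might supply it.
NIS_ALICE = "alice:Xq3h1dd3nHash:1001:100:Alice:/home/alice:/bin/sh"

if __name__ == "__main__":
    for ov in ("+:*:0:0:::", "+::0:0:::", "+:::::::::"):
        for remap in (False, True):
            print(ov, remap, remapped_fields(ov, remap),
                  apply_override(NIS_ALICE, ov, remap))
```

Running `remapped_fields` over each `+` line of a password file before rebuilding the database is a quick way to spot a wildcard copied from a system with the other convention.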


