Date:      Mon, 27 Sep 2004 13:06:32 -0500
From:      Dan Nelson <dnelson@allantgroup.com>
To:        Tillman Hodgson <tillman@seekingfire.com>
Cc:        FreeBSD-Questions <freebsd-questions@freebsd.org>
Subject:   Re: nsswitch.conf: How does one use netgroups/over-ride passwd fields?
Message-ID:  <20040927180632.GD90839@dan.emsphone.com>
In-Reply-To: <20040927174844.GC83726@seekingfire.com>
References:  <20040927164329.GA83726@seekingfire.com> <20040927170641.GB90839@dan.emsphone.com> <20040927174844.GC83726@seekingfire.com>

In the last episode (Sep 27), Tillman Hodgson said:
> I know that nsswitch.conf defaults to traditional behaviour (compat
> mode). The non-compat modes are intriguing, though, and I don't know
> much about them. So I thought I'd see if I can get traditional
> behaviour through the newer mechanisms. This might make migrations
> (for example) a bit easier.

They are basically serial lookups; if a user isn't found in the first
source, try the next, etc.  [notfound] allows for quick termination if
later sources are just fallback ones in case the primary doesn't
respond.
 
> passwd:   nis [notfound=return,netgroup=dept1,dept2,admins] files
>
> Possibly I'm missing a point somewhere :-) What is it about netgroups
> that don't make sense in an nsswitch.conf world?

I have only known them to be useful as part of +/- records; for example
to only allow matching users in the "access" netgroup log into a
machine:

+@access::0:0:::
+::0:0:::/usr/local/bin/nologin

It may be that netgroup's real purpose is something else that I have
not yet discovered :)

-- 
	Dan Nelson
	dnelson@allantgroup.com
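
Added example (not part of the original message and not FreeBSD's own code): a small Python model of the serial lookup and [notfound=return] behaviour described above, showing that the fallback source is consulted only when the primary is unavailable. The source tables, account entries and helper names (parse_line, lookup, table, demo) are constructed for illustration.

```python
# Simplified model of nsswitch-style serial lookup (illustration only).
# NIS and FILES below are constructed sample data, not real map contents.
import re

STATUSES = ("success", "notfound", "unavail", "tryagain")
DEFAULTS = dict.fromkeys(STATUSES, "continue")
DEFAULTS["success"] = "return"          # default: stop at the first hit

def parse_line(line):
    """Parse 'db: src [status=action ...] src' into (db, [(src, actions)])."""
    db, _, rest = line.partition(":")
    chain = []
    for src, crit in re.findall(r"(\w+)|\[([^\]]*)\]", rest):
        if src:
            chain.append((src, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("criteria must follow a source")
        for item in crit.split():
            status, _, action = item.lower().partition("=")
            if status not in STATUSES or action not in ("return", "continue"):
                raise ValueError(f"bad criterion: {item!r}")
            chain[-1][1][status] = action   # applies to the preceding source
    return db.strip(), chain

def lookup(chain, backends, name):
    """Try each source in order; a backend returns (status, entry)."""
    trace = []
    for src, actions in chain:
        status, entry = backends[src](name)
        trace.append((src, status))
        if actions[status] == "return":
            return entry, trace
    return None, trace

NIS = {"alice": "alice:*:1001:1001:Alice:/home/alice:/bin/sh"}
FILES = {"bob": "bob:*:1002:1002:Bob:/home/bob:/bin/sh"}

def table(data, up=True):
    """Wrap a dict as a lookup source; up=False models an unreachable server."""
    def backend(name):
        if not up:
            return "unavail", None
        return ("success", data[name]) if name in data else ("notfound", None)
    return backend

def demo():
    _, chain = parse_line("passwd: nis [notfound=return] files")
    nis_up = {"nis": table(NIS), "files": table(FILES)}
    nis_down = {"nis": table(NIS, up=False), "files": table(FILES)}
    return lookup(chain, nis_up, "bob"), lookup(chain, nis_down, "bob")

if __name__ == "__main__":
    print(demo())
```

In this model, "bob" (present only in files) is not resolved while NIS answers, because notfound from nis ends the search; he resolves only when nis is unavailable and the lookup falls through to files.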


