Date: Fri, 09 Sep 2016 20:13:02 +0000 From: "Poul-Henning Kamp" <phk@phk.freebsd.dk> To: Garrett Wollman <wollman@bimajority.org> Cc: freebsd-arch@freebsd.org, freebsd-security@freebsd.org Subject: Re: Trying to think out a hack for NSS and pw(8) Message-ID: <67593.1473451982@critter.freebsd.dk> In-Reply-To: <22483.5592.653250.726711@hergotha.csail.mit.edu> References: <22483.5592.653250.726711@hergotha.csail.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
-------- In message <22483.5592.653250.726711@hergotha.csail.mit.edu>, Garrett Woll= man w rites: > Puppet invokes pw(8) to actually perform the >modifications, but I suspect it also uses native code from the Ruby >standard library to actually do pre-modification lookups. >[...] >Looking at the code in both nss-pam-ldapd and libc, it seems like the >only plausible way to fix this is to add functionality to nsswitch >which would allow it to use different configurations depending on the >identity of the process invoking getpwnam(3) or getgrnam(3). You want to add a futher layer of complications to the the already far too complicated user/group/authentication code in FreeBSD, just because you don't want to look at Puppets Ruby code ? Really ? -- = Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe = Never attribute to malice what can adequately be explained by incompetence= .
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?67593.1473451982>