Bug#563987: /lib/libnss_hesiod.so.2: hesiod users not fully supported
Aurelien Jarno wrote:
Wouldn't it be possible to also use Kerberos for shadow information, as
it is actually where the encrypted passwords are stored?
Kerberos doesn't necessarily have the information in its database, and
the protocol provides no way to pass the information around.
If that's the model -- that it's permissible for there not to be shadow
data -- then yes, the Hesiod code is okay and this is a pam bug...
Other nsswitch modules provide both interfaces, because there is
actually a shadow database. Hesiod does not provide a shadow database.
The only thing that can be done is to provide functions that will always
return an error. Not sure it is really useful.