Bug#365048: libc6 does not respect STATUS and ACTION options in nsswitch.conf
On Fri, Apr 28, 2006 at 10:51:38AM -0400, Jesse W. Hathaway wrote:
> I do understand why this feature is needed. However, the additional
> feature of having the ability to disable this function is also needed.
> It is quite common to not have any of the users, used for system
> daemons, to be included in groups found in network directories. It seems
> needless to query network directories for system daemons such as apache.
Yes, in some cases such a feature would be useful, but that feature
currently does not exist.
> Enumeration is a lookup process, so I still think the man page is
> unclear, as to what effect the action statement will have in the group
> database option.
The documentation might be improved, but the documentation of SUCCESS
talks about the "wanted entry" and the documentation of NOTFOUND talks
about "the needed value", both terms having no meaning for enumeration.
Well, you can interpret those terms as "all possible entries"; either
way you get that SUCCESS and NOTFOUND action rules have no effect on
enumeration.
> Given that one of the main features of LDAP and NIS are consistent
> groups across all machines, I think it would be beneficial to support
> querying network directories selectively.
I think the reason this was not solved much easier is that it is not a
problem for NIS/NIS+. They need much less resources than LDAP.
Enumerating over a couple thousand users using NIS+ was not a problem
when I last did it; doing the same with LDAP produces quite a
significant load.
Gabor
--
---------------------------------------------------------
MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences,
Laboratory of Parallel and Distributed Systems
Address : H-1132 Budapest Victor Hugo u. 18-22. Hungary
Phone/Fax : +36 1 329-78-64 (secretary)
W3 : http://www.lpds.sztaki.hu
---------------------------------------------------------
Reply to: