[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#563987: /lib/libnss_hesiod.so.2: hesiod users not fully supported

Aurelien Jarno wrote:
Wouldn't it be possible to also use Kerberos for shadow information, as
it is actually where the encrypted passwords are stored?

Kerberos doesn't necessarily have the information in its database, and the protocol provides no way to pass the information around.

Other nsswitch modules provide both interfaces, because there is
actually a shadow database. Hesiod does not provide a shadow database.

The only thing that can be done is to provide functions that will always
return an error. Not sure it is really useful.
If that's the model -- that it's permissible for there not to be shadow data -- then yes, the Hesiod code is okay and this is a pam bug...


Reply to: