[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#563987: /lib/libnss_hesiod.so.2: hesiod users not fully supported

Ken Raeburn a écrit :
> Aurelien Jarno wrote:
>> Wouldn't it be possible to also use Kerberos for shadow information, as
>> it is actually where the encrypted passwords are stored?
>>   
> 
> Kerberos doesn't necessarily have the information in its database, and 
> the protocol provides no way to pass the information around.
> 
>> Other nsswitch modules provide both interfaces, because there is
>> actually a shadow database. Hesiod does not provide a shadow database.
>>
>> The only thing that can be done is to provide functions that will always
>> return an error. Not sure it is really useful.
>>   
> If that's the model -- that it's permissible for there not to be shadow 
> data -- then yes, the Hesiod code is okay and this is a pam bug...
> 

It's permissible, but as said not really useful. That won't change the
value returned by getspnam(), which already return -1 when an entry is
not found. This returned value simply means that shadow entry exists for
the given name.

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net
Reply to: