On 11/21/2016 05:01 AM, Catalin wrote: > I'm not skilled with this config files of networking. > I want to know more about how is working this file. This file lists the possible sources of user/group/host/etc. data that the system may wish to use. In the case of 'sss', it is opportunistic. What that means is that if SSSD has been configured, the system will use it. If it is unconfigured (the default configuration), then the 'sss' lookup will just be skipped. > I saw this can activate some dns settings - but this is not the main issue. I don't know what you mean by this. If SSSD is configured, it might make DNS requests, but so can any other service on your system. > Why is that sss word put into default file? It's there to work around a number of really old, poor design decisions in POSIX. (Specifically that the nsswitch.conf file is only ever read once when a process linked to glibc starts up and cannot be refreshed). The problem was that if anyone enrolled a system with a central user repository like LDAP, FreeIPA or Active Directory, processes on the system would still be unable to access those accounts until after a reboot. > How can I improve my Fedora security? That is a topic that is far beyond the scope of this thread. > I used into internet rarely and most of new config files is new for me. If you don't know what this does, why are you trying to change it (rather than trusting that the OS developers made the decision carefully).
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
