On 11/27/18 12:48 AM, Ian Kent wrote:
On Mon, 2018-11-26 at 14:38 +0100, Pavel Březina wrote:
On 11/26/18 2:21 PM, Stephen Gallagher wrote:
On Mon, Nov 26, 2018 at 8:16 AM Pavel Březina <pbrezina@xxxxxxxxxx> wrote:
This e-mail is long so I just put the question here before explanation:
Do you know about any package that installs an nsswitch.conf module and
automatically enables it in /etc/nsswitch.conf? So far I have two
packages - nss-mdns and systemd.
Why?
As you might have noticed, in Fedora 28 we switched from authconfig to
authselect. This brought some adoption issues and feature requests which
we tried hard to resolved, mostly related to nsswitch.conf. Thank you
for all your feedback.
At this point I am aware of only one nsswitch.conf related issue that we
would like to fix. The problem is that when you choose to use authselect
you are no longer allowed to touch /etc/nsswitch.conf (and various file
in /etc/pam.d) manually but you should use authselect and its profiles
instead.
However, this does not work well for small environments (possibly single
user machines) where you want to just change something in nsswitch.conf
and do not want to create custom profile. For this, we introduced
/etc/authselect/user-nsswitch.conf and 'authselect apply-changes'
command to do this the authselect way (of course you are free to not use
authselect and just modify the files manually).
But there are some packages that installs nsswitch modules and
automatically puts them in /etc/nsswitch.conf in %post which conflicts
with authselect. We would like to provide an authselect call for these
packages, that would make sure it does not conflict with authselect [1].
I started working on a design for such feature and I'm trying to obtain
list of all packages that installs nsswitch modules and automatically
enable them in /etc/nsswitch.conf.
So far I was able to find these packages:
- nss-altfiles
- nss_db
- nss-mdns
- nss_nis
- nss-pam-ldapd
- nss_updatedb
- sssd
- systemd
But only two of them (nss-mdns, systemd) touches /etc/nsswitch.conf. Do
you know about any other package?
Thank you,
Pavel.
[1] https://github.com/pbrezina/authselect/issues/77
IIRC, doesn't autofs also use nsswitch.conf for configuration?
Yes, but it is not part of glibc. AFAIK it works similar to sudo -
lookup automount line in nsswitch.conf and acts according to its
settings. But it does not have proper support in glibc.
Yes, automount uses the "automount:" line of nsswitch.conf.
It doesn't mess with nsswitch.conf and I'm not willing to
change a file autofs doesn't own, it's the users responsibility
to set the autofs map sources they need.
Umm .. "proper" ... I'll take that to just mean I don't use
the glibc API rather than a criticism of what I chose to do.
Yes, no criticism. It was meant the other way around, that glibc does
not provide any autofs api. But again, not criticism for glibc either.
Originally I tried to use the glibc API and I even had autofs
specific nsswitch example code but I found I couldn't do what
I needed. When I did this I didn't have time to work through
the glibc API code to work out if it did provide what I needed
so I wrote my own parser.
If I need to change that then I'll need pointers to adequate
glibc nsswitch API documentation as I still don't want to dive
into the glibc code to work out how do this.
Ian
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
