Alexander E. Patrakov wrote these words on 08/01/07 23:00 CST: > Very interesting. Could you please paste the output of the following > commands from one of them (assuming that the user "randy" is in Kerberos): > > getent passwd randy > id randy > strace id randy
Please allow me to do some additional research on stand-alone Kerberos installations. At this point I believe I'm wrong with the statements I made earlier as I was going on memory and all my installations combine LDAP/Kerberos/PAM/nss_db to eliminate the /etc/passwd file. After thinking about it, and studying your comment, I now think that a stand-alone Kerberos installation *does* use /etc/passwd for the Glibc 'getent' and 'id' functions. My bad, and sorry for the confusion. My experience is in creating a Kerberos environment that does *not* rely on /etc/passwd, as it uses the nss_db Glibc function to do take care of things (which fetches LDAP information instead of /etc/passwd information). See my incomplete (and not really worthwhile, nor fully functional) hint about this subject at http://www.mcmurchy.com/lfs/ldap-nameservice.txt I never finished this hint due to an inherent flaw with nss_db. I now think that is why Ulrich dropped nss-db years ago from the Glibc base package. I'll discuss this further if anyone is interested. The hint works, and is workable in most cases, but there are limitations. But for most instances it could substitute for NIS. There is a flaw, however. Though it may not be seen in most installations. As an aside and pure coincidence, I'm subscribed to the Heimdal Kerberos mailing list and there is a thread about a situation with OpenSSH. You can see it at http://www.stacken.kth.se/lists/heimdal-discuss/2001-01/msg00006.html I did not read the thread, and I don't know if there is anything that may be helpful to the situation we're discussing. However there may be information that may be useful. If not, sorry to lead you into a dead end. -- Randy rmlscsi: [bogomips 1003.26] [GNU ld version 2.16.1] [gcc (GCC) 4.0.3] [GNU C Library stable release version 2.3.6] [Linux 2.6.14.3 i686] 00:51:00 up 42 min, 1 user, load average: 0.01, 0.18, 0.20 -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
