-------- In message <[email protected]>, Garrett Wollman w rites:
> Puppet invokes pw(8) to actually perform the >modifications, but I suspect it also uses native code from the Ruby >standard library to actually do pre-modification lookups. >[...] >Looking at the code in both nss-pam-ldapd and libc, it seems like the >only plausible way to fix this is to add functionality to nsswitch >which would allow it to use different configurations depending on the >identity of the process invoking getpwnam(3) or getgrnam(3). You want to add a futher layer of complications to the the already far too complicated user/group/authentication code in FreeBSD, just because you don't want to look at Puppets Ruby code ? Really ? -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 [email protected] | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
