Casper.Dik at Sun.COM wrote:
>> On Sun, Jul 05, 2009 at 05:02:04PM +0200, Casper.Dik at Sun.COM wrote:
>>>> Not so much exec_attr as getusernam(3C).
>>> And why would that fail?
>> As root it might fail.  The reason is that the directory might not want
>> to let host entities see user data, while allowing users to see it.
>> Enabling that was the point of self-credentialled name service lookups.
>>
>> In an environment that demands that pfexecd should fork helper processes
>> to do the name service lookups as the users that are exec()ing things.
> 
> The current implementation uses the client's effective uid and group id.
> pfexec() always calls getusernam() with an effective uid of root.
> 
> Both the current implementation and the proposed implementation will
> call nscd with the same effective uid and no change in behaviour will
> be seen.

Great, so self-credentialled lookups don't change anything for this case.

I'm happy now.

-- 
Darren J Moffat
