[issue14748] spwd.getspall() is returning LDAP (non local) users too

2013-07-05 Thread Christian Heimes 

Christian Heimes added the comment:

Dave has explained the problem very well. I like to add one thing. The module 
just returns what your operation system's getspent() API returns. 
http://linux.die.net/man/3/getspnam

Please ask your vendor for more details, too.

--
nosy: +christian.heimes
resolution:  -> invalid
stage:  -> committed/rejected
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue14748] spwd.getspall() is returning LDAP (non local) users too

2012-05-08 Thread Dave Malcolm 

Dave Malcolm  added the comment:

Like passwd and group information, the shadow password entries are pulled 
through libc's Name Service Switch and modules for it, depending on 
configuration.

See "man nsswitch.conf".

Hence this is likely to be a configuration difference between the two boxes.  
Some notes from one of my Red Hat colleagues:
* Is a module listed in /etc/nsswitch.conf so that it'll be used to look
  up "shadow" information?
* Does the module support looking up shadow information?
  The libnss_ldap.so.2 stub from nss-pam-ldapd does; SSSD (at least
  version 1.8.3) doesn't.
* Are there shadowAccount entries in the directory server?
  An IPA server won't have them, because IPA makes use of the directory
  server's built-in password policy functionality to avoid depending on
  clients to enforce aging policies.
* Is the client performing the lookup authorized to read the shadow data
  from the directory server?
* Does the client perform any additional access control?
  The daemon in nss-pam-ldapd only exposes shadow information to
  processes running as UID 0.
etc

Hope this is helpful

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue14748] spwd.getspall() is returning LDAP (non local) users too

2012-05-08 Thread Antoine Pitrou 

Changes by Antoine Pitrou :


--
nosy: +dmalcolm

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue14748] spwd.getspall() is returning LDAP (non local) users too

2012-05-08 Thread halfie 

New submission from halfie :

spwd.getspall() is returning LDAP (non local) users too. 

On RHEL 6.2 machine with LDAP authentication configured, spwd.getspall() 
is returning LDAP (non local) users too. On a similarly configured CentOS 6.2 
machine, spwd.getspall() is returning only local users.

Is spwd.getspall() supposed to return LDAP users? (If yes, this should to 
documented). Why is spwd.getspall() behavior different on different Linux OSes?

--
components: Library (Lib)
messages: 160188
nosy: halfie
priority: normal
severity: normal
status: open
title: spwd.getspall() is returning LDAP (non local) users too
type: behavior
versions: Python 2.6

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com