> Jarrett Lu wrote:
> > In the DMZ example, it's correct that user identity can be centrally
> > administered in
> > an LDAP database. However, passwd files need not be shared by all zones. In
> > fact each zone can have its own copy of passwd file so that the zone
> > admin can
> > administer users on per zone bases.
>
> Do we document how to do that though ? Since by default getpwnam will
> use nscd and given that the door points to the global zone one the local
> /etc/passwd file never gets consulted.
Hummm, is something different here, I thought getXbyY in each labeled
zone would follow nsswitch.conf and go to nscd (global zone only)
only for name services. Is nscd involved with files lookups?
Gary..
