Andreas Schwab schrieb:
On Feb 05 2020, Ludwig Nussel wrote:
Even extra authentication methods could probably be determined automatically by looking at the system. Ie if sssd or ypbind are enabled it's not unlikely that those are meant to be used for authentication, right?
NSS is not about authentication, it is about database lookup.
Sure. Still, a very common case when modification of nsswitch.conf is needed is when the system is switched from pure local authentication to something remote which then also requires changing DB lookups. So the point is if we can determine that automatically we don't need several places to configure something that can then lead to inconsistencies. Ie right now one has to usually - configure some service - enable that service - adjust the pam config - adjust nsswitch Maybe the first two¹ could be sufficient if the system was smart? Looking at nss/nsswitch.c in glibc at least it has built in defaults. Means as a first step we don't even need to ship any nsswitch.conf anymore as we can build glibc to have the right defaults for our main distros.
But like PAM, size^Worder matters.
That still allows to implicitly assume the most common order while keeping the possibility to change it via config. I don't think that eg yast allows to change the order where it inserts eg NIS either.
And just because there is nss_ldap in your system does not mean that you can do an LDAP lookup.
Ok so pure presence of the file isn't good enough for auto detection. That doesn't invalidate the point though :-) cu Ludwig [1] I'm sure you will come up with an example where it is either a service or a config file. Doesn't change overall idea though :-) -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.com/ SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer HRB 36809 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org