Andreas Schwab schrieb:
On Feb 05 2020, Ludwig Nussel wrote:
Even extra authentication methods could probably
automatically by looking at the system. Ie if sssd or ypbind are
enabled it's not unlikely that those are meant to be used for
NSS is not about authentication, it is about database lookup.
Sure. Still, a very common case when modification of nsswitch.conf
is needed is when the system is switched from pure local
authentication to something remote which then also requires changing
DB lookups. So the point is if we can determine that automatically
we don't need several places to configure something that can then
lead to inconsistencies.
Ie right now one has to usually
- configure some service
- enable that service
- adjust the pam config
- adjust nsswitch
Maybe the first two¹ could be sufficient if the system was smart?
Looking at nss/nsswitch.c in glibc at least it has built in
defaults. Means as a first step we don't even need to ship any
nsswitch.conf anymore as we can build glibc to have the right
defaults for our main distros.
But like PAM, size^Worder matters.
That still allows to implicitly assume the most common order while
keeping the possibility to change it via config. I don't think that
eg yast allows to change the order where it inserts eg NIS either.
And just because there is nss_ldap
in your system does not mean that you can do an LDAP lookup.
Ok so pure presence of the file isn't good enough for auto
detection. That doesn't invalidate the point though :-)
 I'm sure you will come up with an example where it is either a
service or a config file. Doesn't change overall idea though :-)
(o_ Ludwig Nussel
SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer
HRB 36809 (AG Nürnberg)
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org