aboutsummaryrefslogtreecommitdiff
path: root/nis/nss
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>2010-04-07 07:37:39 -0700
committerUlrich Drepper <drepper@redhat.com>2010-04-07 07:37:39 -0700
commit71170aa0a956c59d8bad0cf6f5ed31d78c90e332 (patch)
treec0428fb66305c008cad25843aa73508cf469e7af /nis/nss
parent76b667f12d08588854a93774176ff37116049ff6 (diff)
downloadglibc-71170aa0a956c59d8bad0cf6f5ed31d78c90e332.zip
glibc-71170aa0a956c59d8bad0cf6f5ed31d78c90e332.tar.gz
glibc-71170aa0a956c59d8bad0cf6f5ed31d78c90e332.tar.bz2
Implement new mode for NIS passwd.adjunct.byname table.
The passwd.adjunct.byname table will not be used to fill in password fields in the passwd.byname replies. Instead it is used to synthesize the shadow.byname table, should it be missing. This is a useful mode in some installations involving Solaris.
Diffstat (limited to 'nis/nss')
-rw-r--r--nis/nss11
1 files changed, 10 insertions, 1 deletions
diff --git a/nis/nss b/nis/nss
index aab40ab..0ac6774 100644
--- a/nis/nss
+++ b/nis/nss
@@ -1,7 +1,7 @@
# /etc/default/nss
# This file can theoretically contain a bunch of customization variables
# for Name Service Switch in the GNU C library. For now there are only
-# three variables:
+# four variables:
#
# NETID_AUTHORITATIVE
# If set to TRUE, the initgroups() function will accept the information
@@ -26,3 +26,12 @@
# might result into a network communication with the server to get
# the next entry.
#SETENT_BATCH_READ=TRUE
+#
+# ADJUNCT_AS_SHADOW
+# If set to TRUE, the passwd routines in the NIS NSS module will not
+# use the passwd.adjunct.byname tables to fill in the password data
+# in the passwd structure. This is a security problem if the NIS
+# server cannot be trusted to send the passwd.adjuct table only to
+# privileged clients. Instead the passwd.adjunct.byname table is
+# used to synthesize the shadow.byname table if it does not exist.
+#ADJUNCT_AS_SHADOW=TRUE