From gyori@szit.bme.hu  Sat Jun  9 13:12:20 2001
Return-Path: <gyori@szit.bme.hu>
Received: from szit.bme.hu (fourier.szit.bme.hu [152.66.84.8])
	by hub.freebsd.org (Postfix) with SMTP id 7874C37B401
	for <FreeBSD-gnats-submit@freebsd.org>; Sat,  9 Jun 2001 13:12:19 -0700 (PDT)
	(envelope-from gyori@szit.bme.hu)
Received: (qmail 77135 invoked by uid 8452); 9 Jun 2001 20:12:18 -0000
Message-Id: <20010609201218.77134.qmail@szit.bme.hu>
Date: 9 Jun 2001 20:12:18 -0000
From: gyori@szit.bme.hu
Reply-To: gyori@szit.bme.hu
To: FreeBSD-gnats-submit@freebsd.org
Subject: Really functioning nsswitch in FreeBSD
X-Send-Pr-Version: 3.2

>Number:         27994
>Category:       bin
>Synopsis:       FreeBSD should have really functioning nsswitch
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jun 09 13:20:02 PDT 2001
>Closed-Date:    Sat Jun 9 13:41:17 PDT 2001
>Last-Modified:  Sat Jun  9 15:40:01 PDT 2001
>Originator:     Gyori Sandor
>Release:        FreeBSD 4.1.1-STABLE i386
>Organization:
Technical University of Budapest
>Environment:

	FreeBSD 4.x or -CURRENT

>Description:

	FreeBSD 4.x has no support for nsswitch, and even -CURRENT
supports only very few, predefined methods such as files, nis, nisplus for
user authentication in nsswitch.conf. Dynamic modules can't be used, for
example nss_ldap for authentication via LDAP. There are patches to solve
this problem at http://www.nectar.com/freebsd/nsswitch, but only a part of
them was built into -CURRENT (the static part). Why?? This is a serious
deficiency of FreeBSD which has been solved on Linux for ages. Is there any
security or other reason not to implement a fully functional nsswitch
feature on FreeBSD?

>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: dougb 
State-Changed-When: Sat Jun 9 13:41:17 PDT 2001 
State-Changed-Why:  

This is not the right forum for this discussion. The problems associated 
are more complicated than applying a few patches. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=27994 

From: Peter Wemm <peter@wemm.org>
To: gyori@szit.bme.hu
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/27994: Really functioning nsswitch in FreeBSD 
Date: Sat, 09 Jun 2001 15:35:23 -0700

 gyori@szit.bme.hu wrote:
 
 > >Description:
 > 
 > 	FreeBSD 4.x has no support for nsswitch, and even -CURRENT
 > supports only very few, predefined methods such as files, nis, nisplus for
 > user authentication in nsswitch.conf. Dynamic modules can't be used, for
 > example nss_ldap for authentication via LDAP. There are patches to solve
 > this problem at http://www.nectar.com/freebsd/nsswitch, but only a part of
 > them was built into -CURRENT (the static part). Why?? This is a serious
 > deficiency of FreeBSD which has been solved on Linux for ages. Is there any
 > security or other reason not to implement a fully functional nsswitch
 > feature on FreeBSD?
 
 The basic problem is that it requires *everything* to be dynamically
 linked, even the root filesystem (/bin, /sbin etc) and splitting the
 libraries between /lib and /usr/lib.  Various people do not want this.
 
 There are other possibilities, such as using proxy nsswitch servers or
 something, but that will likely look quite different to normal nsswitch.
 
 Cheers,
 -Peter
 --
 Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
 "All of this is for nothing if we don't go to the stars" - JMS/B5
 
>Unformatted:
