[sparks-discuss] Active Directory name service module (nss_ad) [PSARC/2008/441 FastTrack timeout 07/18/2008]
Julian Pullen
julian.pullen at sun.com
Fri Jul 18 03:15:10 PDT 2008
If we are forced to have an /etc/nsswitch.ad file the with "passwd" and "group"
it should have a comment that it does not allow logons. I am sure that
someone will notice the file look at what it contains and assume it allows
logon via AD. We want to avoid this.
Regards
Julian
Darren J Moffat wrote:
> Baban Kenkre wrote:
>>> I think we can resolve this by shipping an /etc/nsswitch.ad just like
>>> we do for nis, nisplus, ldap, dns, files today.
>>>
>>
>> The team decided to leave an example nsswitch.ad out because of the
>> limited use of "ad" i.e. "ad" only resolves "passwd" and "group" and
>
> Just like nsswitch.dns only has an entry for dns on hosts and ipnodes.
>
>> does not support logon of Windows users onto Solaris yet. But I see no
>> problem in delivering nsswitch.ad if that's the consensus.
>
> Since we have an nsswitch example file for all the other nameservice
> (full or partial) we should have parity there.
>
> --
> Darren J Moffat
More information about the opensolaris-arc
mailing list