[sparks-discuss] Active Directory name service module (nss_ad) [PSARC/2008/441 FastTrack timeout 07/18/2008]
Serge Dussud
Serge.Dussud at sun.com
Fri Jul 18 03:58:37 PDT 2008
man page for ad(5) should also mention this.
Serge
Julian Pullen wrote:
> If we are forced to have an /etc/nsswitch.ad file the with "passwd" and "group"
> it should have a comment that it does not allow logons. I am sure that
> someone will notice the file look at what it contains and assume it allows
> logon via AD. We want to avoid this.
>
> Regards
>
> Julian
>
> Darren J Moffat wrote:
>> Baban Kenkre wrote:
>>>> I think we can resolve this by shipping an /etc/nsswitch.ad just like
>>>> we do for nis, nisplus, ldap, dns, files today.
>>>>
>>> The team decided to leave an example nsswitch.ad out because of the
>>> limited use of "ad" i.e. "ad" only resolves "passwd" and "group" and
>> Just like nsswitch.dns only has an entry for dns on hosts and ipnodes.
>>
>>> does not support logon of Windows users onto Solaris yet. But I see no
>>> problem in delivering nsswitch.ad if that's the consensus.
>> Since we have an nsswitch example file for all the other nameservice
>> (full or partial) we should have parity there.
>>
>> --
>> Darren J Moffat
> _______________________________________________
> sparks-discuss mailing list
> sparks-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/sparks-discuss
More information about the opensolaris-arc
mailing list