PSARC/2009/036 Authorisation based login control: pam_auths [ timeout 01/30/2009 ]
James Carlson
james.d.carlson at sun.com
Fri Jan 23 07:20:56 PST 2009
Darren J Moffat writes:
> %d is replaced by the DNS domain name.
Which one is "the" DNS domain name? I don't think there's a canonical
one on the system. You can have multiple search domains in
/etc/resolv.conf.
If you're referring to /etc/defaultdomain, that's actually the
NIS/NIS+ domain, not DNS.
> %h is replaced by the hostname, as returned by
> gethostname(3C)
That's just the local host name. Is the remote host name ever
significant?
> %f is replaced by the fully qualified host name without the
> trailing dot (so using %f is equivalent to specifying
> %h.%d)
That doesn't make sense to me. The "%h" value is from
gethostname(3C), but how do you know that this value isn't itself a
FQDN? It's common practice at some sites to set the hostname either
to a FQDN or to some domain name that's relative to the organization.
The practice of making it a simple one-word name on the SWAN is in
many ways due to our use of NIS and its odd limitations. That's not
necessarily the norm outside of Sun, though.
--
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
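An added illustration of the %h/%d/%f concern raised in this message; it is not code from the pam_auths proposal or from either participant. The function name `expand_tokens`, the template string and the host and domain values are constructed assumptions, with the host and domain passed in rather than read from the system so both site conventions can be compared.

```c
#include <stdio.h>
#include <string.h>

/* host stands in for gethostname(3C), domain for "the DNS domain" (assumed inputs).
 * Returns 0 if ok, 1 if %f was built from a host that already contains a dot,
 * -1 on an unknown token or if the result does not fit. */
int expand_tokens(const char *tmpl, const char *host, const char *domain,
                  char *out, size_t outlen)
{
    size_t used = 0;
    int suspect = 0;
    if (outlen == 0) return -1;
    for (const char *p = tmpl; *p != '\0'; p++) {
        char piece[512];
        int w;
        if (*p != '%') {
            w = snprintf(piece, sizeof piece, "%c", *p);
        } else {
            switch (*++p) {
            case 'h': w = snprintf(piece, sizeof piece, "%s", host); break;
            case 'd': w = snprintf(piece, sizeof piece, "%s", domain); break;
            case 'f': /* the quoted rule: %f is equivalent to %h.%d */
                w = snprintf(piece, sizeof piece, "%s.%s", host, domain);
                if (strchr(host, '.') != NULL) suspect = 1;
                break;
            case '%': w = snprintf(piece, sizeof piece, "%%"); break;
            default: return -1; /* also catches a lone trailing '%' */
            }
        }
        if (w < 0 || (size_t)w >= sizeof piece || used + (size_t)w >= outlen)
            return -1;
        memcpy(out + used, piece, (size_t)w);
        used += (size_t)w;
    }
    out[used] = '\0';
    return suspect;
}

int main(void)
{
    /* Constructed values; the template is not taken from the proposal. */
    const char *hosts[] = { "web1", "web1.example.com" };
    char buf[256];
    for (int i = 0; i < 2; i++) {
        int rc = expand_tokens("example.login.%f", hosts[i], "example.com", buf, sizeof buf);
        printf("%-18s rc=%d -> %s\n", hosts[i], rc, rc < 0 ? "(error)" : buf);
    }
    return 0;
}
```

A dot in the host name only marks the expansion as suspect: as the message notes, such a name may be a FQDN or a name relative to the organization, so the code does not try to guess which.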