Focus on Sun
Security Configuration Settings? Sep 21 2004 01:34PM
El C0chin0 (mr nasty ix netcom com) (5 replies)
Re: Security Configuration Settings? Sep 23 2004 09:04AM
lupe lupe-christoph de (Lupe Christoph)
On Tuesday, 2004-09-21 at 13:34:33 -0000, El C0chin0 wrote:

> I don't understand and haven't been able to find anything related to what describes 'compat'. Can anyone provide me with why it is a good measure to change this from 'files' to 'compat' and what other changes may be necessary or what exactly is the difference?

Please keep your lines to 72~80 chars.

Do a "man nsswitch.conf", search for compat:

compat      Valid only for passwd and group;
            implements "+" and "-". See
            Interaction with +/- syntax.

Interaction with +/- syntax
Releases prior to SunOS 5.0 did not have the name service
switch but did allow the user some policy control. In
/etc/passwd one could have entries of the form +user
(include the specified user from NIS passwd.byname), -user
(exclude the specified user) and + (include everything,
except excluded users, from NIS passwd.byname). The desired
behavior was often "everything in the file followed by
everything in NIS", expressed by a solitary + at the end of
/etc/passwd. The switch provides an alternative for this
case ("passwd: files nis") that does not require + entries
in /etc/passwd and /etc/shadow (the latter is a new addition
to SunOS 5.0, see shadow(4)).

If this is not sufficient, the NIS/YP compatibility source
provides full +/- semantics. It reads /etc/passwd for
getpwnam(3C) functions and /etc/shadow for getspnam(3C)
functions and, if it finds +/- entries, invokes an appropriate
source. By default, the source is "nis", but this may be
overridden by specifying "nisplus" or "ldap" as the source
for the pseudo-database passwd_compat.

Note that for every /etc/passwd entry, there should be a
corresponding entry in the /etc/shadow file.

The NIS/YP compatibility source also provides full +/-
semantics for group; the relevant pseudo-database is
group_compat.

HTH,
Lupe Christoph

--
| lupe (at) lupe-christoph (dot) de | http://www.lupe-christoph.de/ |
| "... putting a mail server on the Internet without filtering is like |
| covering yourself with barbecue sauce and breaking into the Charity |
| Home for Badgers with Rabies. Michael Lucas |
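
An added example, not part of the message above or of the Solaris man page: a Python audit of the points the quoted man page makes (whether the passwd database uses compat, where +/- entries sit, and whether every passwd entry has a shadow counterpart). The function names and the sample file contents are constructed for illustration.

```python
import re

def switch_sources(text):
    """Map each nsswitch.conf database to its ordered list of sources."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # strip comments
        if ":" in line:
            db, rest = line.split(":", 1)
            # Drop criteria such as [NOTFOUND=return]; keep source names only.
            table[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return table

def keys(text):
    """(line number, first colon-separated field) for every non-blank line."""
    return [(n, l.split(":", 1)[0])
            for n, l in enumerate(text.splitlines(), 1) if l.strip()]

def audit(nsswitch, passwd, shadow):
    """Return findings about compat and +/- usage for the passwd database."""
    findings = []
    uses_compat = "compat" in switch_sources(nsswitch).get("passwd", [])
    pw, sp = keys(passwd), keys(shadow)
    marks = [(n, k) for n, k in pw if k[:1] in ("+", "-")]
    if marks and not uses_compat:
        findings.append("passwd has +/- entries at lines %s but the switch does "
                        "not use compat, so +/- semantics are not applied"
                        % [n for n, _ in marks])
    if uses_compat and not marks:
        findings.append("compat is configured but passwd has no +/- entries")
    if uses_compat and [k for _, k in marks] == ["+"] and pw[-1][1] == "+":
        findings.append('only a solitary + at the end of passwd: the man page '
                        'alternative "passwd: files nis" covers this case')
    shadow_keys = {k for _, k in sp}
    for n, k in pw:                            # man page: every passwd entry
        if k not in shadow_keys:               # should have a shadow entry
            findings.append("passwd line %d (%s) has no matching shadow entry" % (n, k))
    return findings

# Constructed sample files (not taken from any real host).
NSSWITCH = "passwd: compat\npasswd_compat: ldap\ngroup: files\n"
PASSWD = "root:x:0:0:Super-User:/:/sbin/sh\n-guest::::::\n+alice::::::\n+::::::\n"
SHADOW = "root:NP:6445::::::\n+alice::::::::\n+::::::::\n"

if __name__ == "__main__":
    for finding in audit(NSSWITCH, PASSWD, SHADOW):
        print(finding)
```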
