Ken Raeburn a écrit : > Aurelien Jarno wrote: >> Wouldn't it be possible to also use Kerberos for shadow information, as >> it is actually where the encrypted passwords are stored? >> > > Kerberos doesn't necessarily have the information in its database, and > the protocol provides no way to pass the information around. > >> Other nsswitch modules provide both interfaces, because there is >> actually a shadow database. Hesiod does not provide a shadow database. >> >> The only thing that can be done is to provide functions that will always >> return an error. Not sure it is really useful. >> > If that's the model -- that it's permissible for there not to be shadow > data -- then yes, the Hesiod code is okay and this is a pam bug... >
It's permissible, but as said not really useful. That won't change the value returned by getspnam(), which already return -1 when an entry is not found. This returned value simply means that shadow entry exists for the given name. -- Aurelien Jarno GPG: 1024D/F1BCDB73 aurel...@aurel32.net http://www.aurel32.net -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org