[CentOS] username list?

Stephen Harris lists at spuddy.org
Fri Jul 13 03:19:48 UTC 2007


On Thu, Jul 12, 2007 at 11:14:45PM -0400, Matt Hyclak wrote:
> On Thu, Jul 12, 2007 at 11:13:08PM -0400, Stephen Harris enlightened us:
> > > 'getent passwd' should be portable across any account storage accessible
> > > through pam. 
> > 
> > You said the magic word that makes things infinitely more complicated
> > ("PAM") and that renders your answer incorrect.  "getent" uses naming
> > services (nsswitch.conf).  PAM doesn't.  An account visible via getent
> > may not be valid on a box.
> 
> Yes, I should have said nss, not pam. Thanks for correcting that. That ought
> to teach me to answer questions late at night :-)

*grin*

It's actually not a trivial point and is something I ask people about in
interviews.  Naming services, authentication, authorisation are actually
separate systems.  Historically they've all been /etc/passwd /etc/shadow.
Modern unixes using PAM mean they need not be the same, and this can lead
to some interesting edge cases.  Just because an account shows on the
system (eg via getent) doesn't mean that user can log in!

-- 

rgds
Stephen
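
Added example, not part of the original message: a heuristic audit that takes the accounts visible through the name service (`getent passwd` format) and flags those that would likely fail to log in, using the shell and the shadow fields that pam_unix consults. The sample entries, the `login_blockers` name and the reason strings are constructed for illustration; the script does not evaluate the PAM stack itself, so an account with no flags can still be refused by another PAM module.

```python
import time

# Constructed sample data in `getent passwd` / `getent shadow` format.
PASSWD = """\
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:34:34:backup:/var/backups:/sbin/nologin
carol:x:1001:1001:Carol:/home/carol:/bin/bash
dave:x:1002:1002:Dave:/home/dave:/bin/bash
erin:x:2001:2001:Erin:/home/erin:/bin/bash
"""
# erin has no shadow entry: constructed to stand for an account that the
# name service returns but that has no local authentication data.
SHADOW = """\
alice:$6$constructed$hash:19000:0:99999:7:::
backup:*:19000:0:99999:7:::
carol:!$6$constructed$hash:19000:0:99999:7:::
dave:$6$constructed$hash:19000:0:99999:7::10000:
"""
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

def login_blockers(passwd_text, shadow_text, today_days=None):
    """Map each visible account name to the reasons a login would likely fail."""
    if today_days is None:
        today_days = int(time.time() // 86400)  # shadow dates are days since epoch
    shadow = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 8:
            shadow[fields[0]] = fields
    report = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip malformed passwd lines
        name, shell = fields[0], fields[6]
        reasons = []
        if shell in NOLOGIN_SHELLS:
            reasons.append("non-login shell")
        entry = shadow.get(name)
        if entry is None:
            reasons.append("no local shadow entry")
        else:
            if entry[1].startswith(("!", "*")):  # locked or no usable hash
                reasons.append("password auth disabled")
            if entry[7] and int(entry[7]) <= today_days:  # field 8: expiry date
                reasons.append("account expired")
        report[name] = reasons
    return report
```

On a live host the two inputs would come from `getent passwd` and, as root, `getent shadow`.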


