Marcus Rueckert <rueckert@informatik.uni-rostock.de> writes:
On 2006-04-18 12:13:24 -0400, Stewart Dean wrote:
If a host is running NIS (passwd file ends in +::0:0:::) authentication, will dovecot be able to authenticate with
auth_userdb = passwd
directly and automagically or do you have to do a ypcat passwd > pwfile periodically to generate a passwd file that dovecot can use?
if you use pam. there shouldnt be an issue.
This is dangerously false (except if you're using Solaris), NIS is a massive reliability issue on important operating systems that use nsswitch such as Linux and FreeBSD (and before FreeBSD used nsswitch, too).
These systems tried to copy the Solaris nsswitch scheme, but goofed up horribly, and particularly Linux's nsswitch is utterly unreliable.
Linux's pam_unix2 and glibc nsswitch will happily and instantly return NULL with errno == 0 from getpwnam() if the NIS domain isn't bound.
This makes temporary NIS blackouts (say, ypbind is in the process of switching to another slave server if the server bound to formerly has gone down) indistinguishable from a permanent error which also returns NULL from getpwnam() with errno == 0 if the lookup succeeded and ended up with a definitive "no such user".
glibc's nsswitch doesn't even set errno == EIO in this case (as is documented) which might sell the application a clue something went wrong.
FreeBSD behaves the same except that it keeps retrying for a few minutes which will usually help across short-time temporary failures.
Only Solaris gets it right with its default of TRYAGAIN=forever which neither Linux nor FreeBSD support. That makes Solaris retry forever on temporary failures until it can come up with a definitive result.
I filed reports for these problems a long time ago, to no avail:
glibc: <http://sources.redhat.com/bugzilla/show_bug.cgi?id=430> (Drepper shows he's neither understood the impact of the issue nor does he know his own code.)
FreeBSD: <http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/46866> (No-one picked this up in 27 months.)
-- Matthias Andree