Is "passwd: files compat" a valid configuration in nsswitch.conf?

From: Powell, Mark (Harvey Nash) (Mark.Powell@uk.bp.com)
Date: Tue Jan 02 2007 - 13:01:08 EST


Hi fellow Sun admins,

My question 'Is "passwd: files compat" a valid configuration in
nsswitch.conf?' relates to a couple of things that made me ask this:

On a Solaris 9 server (LDAP client) I recently experienced a very heavy
load from the client to the LDAP server. The reason was that it
was constantly resolving UID to username (could tell from LDAP logs) for
an Oracle user's script (FWIW did something like ps -ef...) and nscd had
died. Restarting nscd fixed the heavy load issue BUT, the strange thing
was that this was a service account (local application UID) defined in
/etc/passwd (i.e. files), so shouldn't have to be resolved using LDAP.
The system's nsswitch.conf is set "passwd: compat" with the following
line set "passwd_compat: ldap". I wondered whether for performance maybe
the passwd line should be changed to read "passwd: files compat" so as
to hit files first. However a couple of other admins here say that, on
Solaris, the "compat" option uses files first.
Supporting their view, in the man page for passwd(1) it states:
"Failure to comply with the configurations will prevent users from
logging onto the system. The password update configurations are:
        o passwd: files
        o passwd: files ldap
        o passwd: compat (==> files ldap)
     passwd_compat: ldap"

The line "passwd: compat (==> files ldap)" does imply a link but is that
the same as a search order?

I can see this configuration in nsswitch.conf has been referenced before
here on SunManagers:
http://www.sunmanagers.org/pipermail/summaries/2004-October.txt but
other than that I have not found reference to using the "passwd: files
compat" name service search order on Solaris. (It seems popular on Linux
however...)

Any advice one way or another?

Many thanks in advance and, of course, I will summarise if there's new
learning to be had.

Happy New Year and Kind Regards

Mark Powell
G DCT GO UK&A EMDC UNIX
Support Team +44 (0) 20 7579 7989
Desk +44 (0) 20 7579 6279
Remedy EMDC Ops Unix
Mail mark.powell@uk.bp.com
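
Added example, not part of the original message and not Sun's code: a small checker that parses nsswitch.conf text and compares the passwd entry with the three configurations quoted from passwd(1) above. It reports only whether an entry is in that quoted list, not how Solaris resolves an unlisted one; the function names and sample files are constructed for illustration.

```python
import re

# Configurations listed in the passwd(1) excerpt quoted in the message:
#   passwd: files | passwd: files ldap | passwd: compat + passwd_compat: ldap
LISTED = {("files",), ("files", "ldap"), ("compat",)}

def parse_nsswitch(text):
    """Return {database: [source, ...]} with comments and [criteria] removed."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        db, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # drop e.g. [NOTFOUND=return]
        table[db.strip()] = rest.split()
    return table

def check_passwd(text):
    """Return (ok, message) for the passwd entry of an nsswitch.conf."""
    table = parse_nsswitch(text)
    sources = tuple(table.get("passwd", ()))
    if not sources:
        return False, "no passwd entry"
    if sources not in LISTED:
        return False, ("passwd: %s is not one of the listed configurations"
                       % " ".join(sources))
    if sources == ("compat",):
        # The quoted excerpt pairs compat with an explicit passwd_compat line.
        if table.get("passwd_compat", []) != ["ldap"]:
            return False, "passwd: compat without passwd_compat: ldap"
        return True, "passwd: compat (==> files ldap)"
    return True, "passwd: " + " ".join(sources)

# Constructed sample inputs (not copied from a real system).
DEPLOYED = "passwd: compat\npasswd_compat: ldap   # LDAP client\ngroup: files ldap\n"
PROPOSED = "passwd: files compat\npasswd_compat: ldap\n"

if __name__ == "__main__":
    for name, conf in (("deployed", DEPLOYED), ("proposed", PROPOSED)):
        print(name, check_passwd(conf))
```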

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:41:24 EDT