On Thu, 2007-06-14 at 10:44 -0400, Jarod Wilson wrote:
Tom "spot" Callaway wrote:
> On Thu, 2007-06-14 at 10:14 -0400, Simo Sorce wrote:
>> On Thu, 2007-06-14 at 08:44 -0500, Tom "spot" Callaway wrote:
>>
>>> A possible improvement I could see would be to change the tool to ask
>>> pam if the user exists, as opposed to simply looking
>> I guess you mean NSS
>>
>>> in /etc/passwd, /etc/group, as that would better cover network user
>>> conflicts.
>> If you don't already do it, you should _really_ do it and quickly.
>> Checking /etc/passwd directly today is not acceptable IMO, NSS has been
>> introduced exactly to decouple user querying from knowledge of the
>> underlying db and mechanisms used.
>
> So... since I know pam but not NSS, is there a way to ask that question
> (does a user/group exist) on the commandline with existing NSS tools?
Do these achieve the desired results?
# getent passwd | cut -d: -f1 | grep -c <user>
# getent group | cut -d: -f1 | grep -c <group>
Fully nss-aware, pulls user and group stuff from nis, ldap, etc., as
well as local files.
Awesome. fedora-uidgid-tools 0.2 uses getent now, so that issue is
covered.
Thanks,
~spot