Bug 32571

Summary:	Add enabling/disabling NIS+ to authconfig
Product:	[Fedora] Fedora	Reporter:	Chris Evans <chris>
Component:	authconfig	Assignee:	Tomas Mraz <tmraz>
Status:	CLOSED WONTFIX	QA Contact:	Aaron Brown <abrown>
Severity:	medium	Docs Contact:
Priority:	medium
Version:	rawhide	CC:	dr, rh-bugzilla
Target Milestone:	---	Keywords:	FutureFeature
Target Release:	---
Hardware:	i386
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Enhancement
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2005-09-08 13:05:06 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Chris Evans 2001-03-21 20:46:27 UTC

Hi,
Default full install.
When "authconfig" ran, I did NOT pick "NIS support".
.
Now I look in my /etc/nsswitch.conf.
.
The damn thing has "files nisplus" all over the shop. This causes
lots of applications to dynamically link in libnss_nisplus and its
dependency libnsl.
.
This is a performance concern, and generally wasteful. In my
very minimal ftpd, "vsftpd", issues like this show up.
.
Summary by the principle of least surprise:
"If I didn't pick NIS support in the installer, the generated
/etc/nsswitch.conf should in no way reference NIS or
NIS+"

Comment 1 Jakub Jelinek 2001-03-21 21:05:06 UTC

This is actually authconfig issue (or anaconda), reassigning.

Comment 2 Chris Evans 2001-03-22 01:24:55 UTC

Possibly worse!
"hosts" is down as "files nisplus dns"
.
i.e. dns is _after_ nisplus.

Comment 3 Daniel Roesen 2001-03-22 16:11:26 UTC

I always wondered why nis is referenced in nsswitch.conf at all if NIS support
was not enabled, so I agree with Chris that this should be fixed. It's more
convenient but as Chris stated also a performance issue (also a RAM ressource
issue?).

Regarding dns being after nisplus in the "hosts" lists... I'm not sure what's
right here.

Comment 4 Enrico Scholz 2001-04-03 14:35:30 UTC

I think that there should be exist a way to prevent authconfig from altering
certain params. E.g. I use NIS for authentication-purposes only and resolve all
hosts by DNS only; trying NIS first slows down the lookup and gives no result.
When setting the 'host' entry to a better value, it will be overwritten when
authconfig runs the next time.

At least I would expect a warning in /etc/nsswitch.conf saying that running
authconfig the next time will trash all manual changes.

Perhaps there could be a comment-line like "## All entries below are controlled
by authconfig; when doing manual changes place them above" which gets recognized
by authconfig. So user-made changes won't interfere with these of authconfig.


Another issue: In my nsswitch.conf the first lines are saying "This file should
be sorted with the most-used services at the beginning", but "hosts" which is
certainly more used than e.g. bootparams is the last entry...

Comment 5 Nalin Dahyabhai 2001-04-03 19:43:01 UTC

Both enabling/disabling nisplus and optional per-service configuration (with
better preservation of existing tweaks) are on the list of changes to be made.

Comment 6 Nalin Dahyabhai 2001-06-26 06:10:01 UTC

Reclassifying as an RFE: for future reference.

Comment 7 Tomas Mraz 2005-09-08 13:05:06 UTC

The default nsswitch.conf as shipped in FC doesn't have nisplus in it (at least
for the main databases) anymore. Enabling/disabling nisplus would add another
option to authconfig which would complicate its UI. If experienced sysadmin
wants to add nisplus he can always modify nsswitch.conf by hand.