Red Hat Bugzilla – Bug 32571
Add enabling/disabling NIS+ to authconfig
Last modified: 2007-11-30 17:10:30 EST
Default full install.
When "authconfig" ran, I did NOT pick "NIS support".
Now I look in my /etc/nsswitch.conf.
The damn thing has "files nisplus" all over the shop. This causes
lots of applications to dynamically link in libnss_nisplus and its
This is a performance concern, and generally wasteful. In my
very minimal ftpd, "vsftpd", issues like this show up.
Summary by the principle of least surprise:
"If I didn't pick NIS support in the installer, the generated
/etc/nsswitch.conf should in no way reference NIS or
This is actually authconfig issue (or anaconda), reassigning.
"hosts" is down as "files nisplus dns"
i.e. dns is _after_ nisplus.
I always wondered why nis is referenced in nsswitch.conf at all if NIS support
was not enabled, so I agree with Chris that this should be fixed. It's more
convenient but as Chris stated also a performance issue (also a RAM ressource
Regarding dns being after nisplus in the "hosts" lists... I'm not sure what's
I think that there should be exist a way to prevent authconfig from altering
certain params. E.g. I use NIS for authentication-purposes only and resolve all
hosts by DNS only; trying NIS first slows down the lookup and gives no result.
When setting the 'host' entry to a better value, it will be overwritten when
authconfig runs the next time.
At least I would expect a warning in /etc/nsswitch.conf saying that running
authconfig the next time will trash all manual changes.
Perhaps there could be a comment-line like "## All entries below are controlled
by authconfig; when doing manual changes place them above" which gets recognized
by authconfig. So user-made changes won't interfere with these of authconfig.
Another issue: In my nsswitch.conf the first lines are saying "This file should
be sorted with the most-used services at the beginning", but "hosts" which is
certainly more used than e.g. bootparams is the last entry...
Both enabling/disabling nisplus and optional per-service configuration (with
better preservation of existing tweaks) are on the list of changes to be made.
Reclassifying as an RFE: for future reference.
The default nsswitch.conf as shipped in FC doesn't have nisplus in it (at least
for the main databases) anymore. Enabling/disabling nisplus would add another
option to authconfig which would complicate its UI. If experienced sysadmin
wants to add nisplus he can always modify nsswitch.conf by hand.