[OpenAFS] AFS without local authentication

Russ Allbery rra@stanford.edu
30 Nov 2001 12:42:41 -0800


Ken Hornstein <kenh@cmf.nrl.navy.mil> writes:

> Maybe I'm confused .... but I don't think this would help, would it?  I
> mean, you'd have to replace the whole C shared library for target
> platforms for this to work, and somehow I don't think that's reasonable.

No, this is the whole point of the nsswitch mechanism.

Several modern operating systems, such as Linux and Solaris, have pulled
all of the getpw*() and related function implementations out of libc into
a set of separately loadable shared modules.  Which modules are used is
determined by /etc/nsswitch.conf.  In order to add a new lookup mechanism,
all that is theoretically necessary is to write a new shared library that
exposes a particular API and then edit nsswitch.conf to indicate that that
mechanism should be used to resolve particular maps.

Doing this on operating systems that don't support nsswitch is as hard as
ever, but, like PAM, nsswitch is the Right Way To Do This, so in time one
can hope that more operating systems will either get on-board or will die.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
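
Added example (not part of the original message, and not OpenAFS code): a minimal glibc NSS passwd module of the kind the message describes, with the matching nsswitch.conf line in its header comment. The service name "demo", the sample users and the minimum-UID policy are assumptions made for illustration.

```c
/* nss_demo.c: added example of a glibc NSS passwd module.
 * Service name "demo" and all data here are hypothetical.
 * Build:  gcc -shared -fPIC -Wl,-soname,libnss_demo.so.2 -o libnss_demo.so.2 nss_demo.c
 * Enable: "passwd: files demo" in /etc/nsswitch.conf (local files consulted first). */
#include <errno.h>
#include <nss.h>
#include <pwd.h>
#include <string.h>

#define DEMO_MIN_UID 1000 /* assumption: this source may never define system accounts */

/* Constructed sample entries standing in for a network directory. */
static const struct { const char *name; uid_t uid; } demo_users[] = {
    { "alice", 20001 }, { "bob", 20002 }, { "rootalias", 0 },
};

/* glibc maps getpwnam() to _nss_<service>_getpwnam_r for each service listed. */
enum nss_status _nss_demo_getpwnam_r(const char *name, struct passwd *pw,
                                     char *buf, size_t buflen, int *errnop)
{
    static const char home[] = "/home/", shell[] = "/bin/sh";
    for (size_t i = 0; i < sizeof demo_users / sizeof demo_users[0]; i++) {
        if (strcmp(name, demo_users[i].name) != 0)
            continue;
        if (demo_users[i].uid < DEMO_MIN_UID)
            break; /* refuse privileged IDs from this source: report not found */
        size_t nlen = strlen(name) + 1;
        size_t need = nlen + 2 + (sizeof home - 1) + nlen + sizeof shell;
        if (need > buflen) { /* caller retries with a larger buffer */
            *errnop = ERANGE;
            return NSS_STATUS_TRYAGAIN;
        }
        char *p = buf; /* every string must live in the caller's buffer */
        pw->pw_name = memcpy(p, name, nlen);            p += nlen;
        pw->pw_passwd = memcpy(p, "*", 2);              p += 2; /* no local password */
        pw->pw_dir = memcpy(p, home, sizeof home - 1);  p += sizeof home - 1;
        memcpy(p, name, nlen);                          p += nlen;
        pw->pw_shell = memcpy(p, shell, sizeof shell);
        pw->pw_gecos = pw->pw_name;
        pw->pw_uid = demo_users[i].uid;
        pw->pw_gid = (gid_t)demo_users[i].uid; /* assumption: per-user group */
        return NSS_STATUS_SUCCESS;
    }
    *errnop = ENOENT;
    return NSS_STATUS_NOTFOUND;
}
```

Because a module like this is loaded into every process that resolves users, including login and setuid programs, the buffer-size check and the UID floor are the parts to review first.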