On Thu, Apr 21, 2022 at 03:30:55PM +0300, Dmitry Baryshkov wrote: > > > Before any discussion takes place, I would like to point out a previous > > > attempt of Fedora trying to get rid of NIS/NIS+ back in 2021. Please > > > check out > > > the LWN article at https://lwn.net/Articles/874174/ , which would > > > definitely > > > be helpful for the condition in Debian.
> > That discussion seems to be about removing NIS/NIS+ support from the > > entire distribution. This thread is about removing NIS support from PAM. > > That's an important distinction, because in practice, NIS/NIS+ support > > mostly means the NSS modules, and the tools/servers in the case of NIS. > > Dropping NIS support from PAM would mean losing only the ability to > > change the passwords of users coming from NIS. It would not affect user > > lookups, and password change would still be possible using yppasswd. > > There does not even seem to be any NIS+ support in PAM - nothing seems > > to include <rpcsvc/nis.h>. > > Personlly, I think bundling NIS password changing capability in pam_unix > > was a design mistake. It should always have been a distinct module. > Can we provide a separately packaged pam_unix_nis which can be used > instead of pam_unix in cases where this functionality is still > required? Yes, that is technically possible and something I've already considered. I wasn't going to offer it up as a solution without some evidence of demand (which I would say this thread hasn't yet established), since it would require additional work on the package. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org
signature.asc
Description: PGP signature