On Wed, Jan 09, 2008 at 07:23:10PM -0500, Matt Swift wrote: > Yes, and as I alluded in mail just sent, a recursion loop seems > possible with "dns proxy=yes" as well, unless that check is not going > to use the NSS layer.
Heh, yes, the 'dns proxy' option uses gethostbyname(), which is an NSS-based call, so this could be recursive. Sorry, "don't do that". :) (dns proxy is one of those old options that Seemed Like A Good Idea At The Time, anyway; I can't imagine why anyone would want to use that with any clients deployed in the past 10 years, all of which should be capable of doing DNS directly as needed.) > On a related note, you might want to document that you don't actually > have to run windbindd to get the "hosts: wins" NSS service, you just > need to run a WINS server and have /lib/libnss_wins.so (I think). The > fact that libnss_wins.so installs by default to run winbindd in Debian > suggests that you need to run it for all features described in > winbindd man page (i.e., be good if the winbindd man page said you > don't have to run winbindd to get the NSS functionality, even though > it's the winbindd man page that's documenting it). Hum, it's part of the winbind package because winbind is the "make my machine integrate with Windows domains" package. nss_wins is not a prerequisite for winbindd, nor is winbindd a prerequisite for nss_wins, but winbindd is started by default and packaged together win nss_wins because I think it would be splitting hairs to do otherwise when considering the common usage scenarios. I agree that there's room for improvement in the documentation here. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ [EMAIL PROTECTED] [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]