On Feb 25, 2011, at 1:55 PM, Sean Millichamp wrote: > On Fri, 2011-02-25 at 13:32 -0800, Jesse Wolfe wrote: >> Sorry that I'm late to the party one this one, but I have some questions. >> groupadd must also have the problem, is that correct? >> And it probably also affects the "pw" provider for BSD? >> >> If so, I think we should remove the getent code entirely and replace >> it with passwd and group file parsing at the share ancestor. > > Jesse, > > That is likely true. However, my initial question on that approach is > are there other instances in Puppet where user lookups occur for some > reason that require results from LDAP or other nsswitch/pw providers > (I'm thinking file ownership and maybe ssh_authorized_key users). I > don't have any idea how Puppet handles those types of things internally.
We just use the system POSIX APIs for data reading, so it always goes through whatever the system is configured to use. There's been a ticket open for ages to switch from the APIs to reading/writing the files. The downside of doing so is that compatibility becomes a bit harder - we're currently relying entirely on APIs and commands, which means the system has to handle compatibility, but once you start reading and writing the files it can suck. E.g., HP-UX has a line-length limit in the groups file (I think it's 1024 chars, which many groups exceed), and it silently ignores anything past that limit, so you have to split all groups based on that length into multiple lines. That's just one I know about, but I expect that every platform has something equally stupid. -- I take my children everywhere, but they always find their way back home. --Robert Orben --------------------------------------------------------------------- Luke Kanies -|- http://puppetlabs.com -|- +1(615)594-8199 -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
