stanonik@nprdc.navy.mil (11/03/89)
We've been trying to use netgroups to control login access. Every user account is in the yp passwd map, but, for example, a project might not want anyone outside of the project logging into their machines. They do, however, still want to be able to finger anyone. So, the passwd file on their machines might look like root:... and other common entries for sys admin +@project1 +::0:0:::/dev/null The problem with this is that programs which getpwent through passwd will find some entries twice. For example, if smith is in the project netgroup, then getwpent will find smith twice, once with a real shell and again with /dev/null shell. Groan. True, that's what the passwd file says, but it's not what we meant. One way around this is as follows root:... and other common entries for sys admin +@project1 -@project1 +::0:0:::/dev/null Seems kludgey. An alternative to ensure that everyone is in some project (ie, netgroup) and no one is in two projects, then use root:... and other common entries for sys admin +@project1 +@project3::0:0:::/dev/null +@project4::0:0:::/dev/null etc Groan. This seems like an administrative headache as projects come and go. Any suggestions? Thanks, Ron Stanonik stanonik@nprdc.navy.mil