UNIX: How to determine the authentication domain of a user? - Linux
UNIX: How to determine the authentication domain of a user?
Hi,
Suppose there are two user accounts with the same name (vprabhu on
local (i.e. files) as well as NIS); then /etc/nsswitch.conf determines
which domain to authenticate against. However, depending on the OS,
settings (for example authconfig settings in Linux) can alter the
nsswitch.conf procedure.
For example,
cat /etc/nsswitch.conf|grep passwd
passwd: nis files
then if vprabhu logs in, it will be authenticated against NIS. However,
if the authconfig setting "Local authorization is sufficient" is ON,
it will authenticate against FILES.
Now, given this situation, how do we reliably know against which
domain (local/NIS) a user has authenticated while logging in?
If there is a POSIX API or portable API or even OS commands across
major UNIX versions please let us know.
Thanks,
-
Re: UNIX: How to determine the authentication domain of a user?
On 2008-02-07 04:40, vasantha.prabhu wrote:
> Hi,
>
> Suppose there are two user accounts with the same name (vprabhu on
> local (i.e. files) as well as NIS); then /etc/nsswitch.conf determines
> which domain to authenticate against. However, depending on the OS,
> settings (for example authconfig settings in Linux) can alter the
> nsswitch.conf procedure.
>
> For example,
>
> cat /etc/nsswitch.conf|grep passwd
> passwd: nis files
>
> then if vprabhu logs in, it will be authenticated against NIS. However,
> if the authconfig setting "Local authorization is sufficient" is ON,
> it will authenticate against FILES.
>
> Now, given this situation, how do we reliably know against which
> domain (local/NIS) a user has authenticated while logging in?
> If there is a POSIX API or portable API or even OS commands across
> major UNIX versions please let us know.
>
> Thanks,
The user will be authenticated to the local machine using the password from
files or something else.
Then it's up to other machines to trust that machine or not.
This is done either with a simple trust on 100% managed NIS domains,
or using creds/tickets of some sort (secure RPC, Kerberos and others).
Look for publickey: in nsswitch, or read about PAM modules.
http://www.kernel.org/pub/linux/libs/pam/modules.html
I have no idea how one can check if another user has creds or tickets,
but I'm sure the system knows.
/bb
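
For the duplicate-account case raised in the thread (the same name in files and NIS), the following added example, which is not from either poster, lists every NSS source that holds a passwd entry for a user, in nsswitch.conf order. It assumes glibc getent (whose -s option queries a single source); the LOOKUP variable is a hypothetical override hook for offline testing. It reports name-service lookup only, not which PAM module accepted the password.

```shell
#!/bin/sh
# Added example: list which NSS sources hold a passwd entry for a user.
# Assumes glibc getent (-s SOURCE queries one source only).
# LOOKUP is a hypothetical hook so the lookup can be stubbed offline.
LOOKUP=${LOOKUP:-getent}

# Print the sources on the passwd: line of nsswitch file $1, one per
# line, in lookup order. Comments and [STATUS=action] items are dropped.
passwd_sources() {
    sed -n 's/#.*//; s/^[[:space:]]*passwd:[[:space:]]*//p' "$1" |
        head -n 1 | sed 's/\[[^]]*\]//g' | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Print every source that returns an entry for user $1, in the order
# given by nsswitch file $2. The first line is the source whose entry
# getpwnam() returns, unless a [STATUS=action] item ends the search
# earlier (actions are not evaluated here).
account_sources() {
    user=$1
    conf=${2:-/etc/nsswitch.conf}
    for src in $(passwd_sources "$conf"); do
        if $LOOKUP -s "$src" passwd "$user" >/dev/null 2>&1; then
            echo "$src"
        fi
    done
}

# Return 0 when user $1 exists in more than one source (the vprabhu
# case from the thread), 1 otherwise.
is_shadowed() {
    n=$(account_sources "$1" "$2" | wc -l)
    [ "$n" -gt 1 ]
}

# Command-line use: script USER [NSSWITCH_FILE]
if [ $# -ge 1 ]; then
    account_sources "$1" "${2:-/etc/nsswitch.conf}"
    is_shadowed "$1" "${2:-/etc/nsswitch.conf}" &&
        echo "warning: $1 is defined in more than one source" >&2
fi
```

A name that shows up in more than one source is worth resolving by removing or renaming one of the entries, since a change in lookup order silently changes which UID, home directory and shell the login receives.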