KB-4803: What is the impact of placing files before centrifyda in /etc/nsswitch.conf
Auditing and Monitoring Service, 26 December 2014 at 10:09 PM
12/26/2014 10:09 PM | 7/6/2018 4:02 PM | 12/26/2014 10:09 PM
Products: Auditing and Monitoring Service
000004803
Local users will not be audited, period.
Question:
What is the impact of placing files before centrifyda in /etc/nsswitch.conf?
Answer:
If you place 'files' in front of 'centrifyda' in /etc/nsswitch.conf, all NSS calls are satisfied by /etc/passwd first.
Local users will be matched by this module, and the user's shell will be whatever is stored in /etc/passwd.
Since the DA NSS module is not invoked, there is no software module that inserts the DA shell in the passwd entry returned to the login process.
This means all local users WILL NOT be audited, regardless of what the customer sets in their configuration.
You can still use per-command auditing for all users (which includes both local and AD users).
AD users should not be impacted. They will be audited as specified in their audit level.
The dainfo command will report "NSS Active" only when centrifyda is the first entry in nsswitch.conf.
If you modify the file to have "files" first, the dainfo command will not return the correct status (AD users are being audited).
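
The following check is an added example, not part of the original article and not Centrify tooling. It classifies the source order on the `passwd:` line of an nsswitch.conf-style file so that hosts where local users silently fall out of session auditing can be found. The function name, the result labels, and the choice of the `passwd` database are assumptions made for this example, and the sample file is constructed.

```shell
#!/bin/sh
# passwd_source_order FILE (hypothetical helper, labels are this example's own)
# Prints one of:
#   da-first        centrifyda is the first passwd source
#   files-first     files precedes centrifyda (local users bypass the DA NSS module)
#   da-not-first    another source precedes centrifyda, files does not
#   da-missing      centrifyda is not listed on the passwd line
#   no-passwd-line  the file has no passwd entry
passwd_source_order() {
    awk '
        { sub(/#.*/, "") }                 # strip comments; fields are re-split
        /^[ \t]*passwd[ \t]*:/ {
            sub(/^[ \t]*passwd[ \t]*:/, "")
            da = 0; files = 0
            # Only exact source names are matched, so action items such as
            # [NOTFOUND=return] are ignored and do not change relative order.
            for (i = 1; i <= NF; i++) {
                if ($i == "centrifyda" && !da) da = i
                if ($i == "files" && !files) files = i
            }
            if (!da)                        print "da-missing"
            else if (da == 1)               print "da-first"
            else if (files && files < da)   print "files-first"
            else                            print "da-not-first"
            found = 1
            exit                            # use the first passwd line found
        }
        END { if (!found) print "no-passwd-line" }
    ' "$1"
}

# Constructed sample input: files listed ahead of centrifyda.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed nsswitch.conf fragment
passwd: files centrifyda   # local accounts answered from /etc/passwd
group:  files
EOF
echo "sample: $(passwd_source_order "$sample")"
rm -f "$sample"
```

Run it against /etc/nsswitch.conf on each audited host; any result other than da-first corresponds to a configuration where, per the article, dainfo will not report "NSS Active".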