I have a question about the use of the “options security.admin.authentication” configuration. In what context is the “internal” option used? If I’m only interested in the use of the passwd for authentication and the nsswitch.conf has the following:
passwd: files nis ldap
Doesn’t the “passwd: files” serve the same purpose as the “internal” option? I’m setting up a 8.2.2, 7-mode, filer for SFTP and it appears the common setting for the security.admin.authentication is either “nsswitch” or “nsswitch, internal”. I’m trying to understand the logic since currently I’m functioning in a CIFS and NFS environment under the “internal” option.
Sorry for the incorrect label, I'm a newbie to this.
But according to TR-3490, NetApp Storage System Multiprotocol User Guide, in the nsswitch.conf the "files" option refers to "local files", hence my question about what is "internal" on the security.admin.authentication doing that is different than a "files" configuration on the nsswitch.conf?
internal = useradmin commands (saved internally in a db)
nsswitch.conf look like the following, and defines the order of search for each entity. "Files" refer to a filename in etc with same name as the configuration title. /etc/hosts for 'hosts:, /etc/passwd to 'passwd:'
filer*> rdfile /etc/nsswitch.conf #Auto-generated by setup Sat Mar 24 10:02:44 GMT 2012 hosts: files nis dns passwd: files nis ldap netgroup: files nis ldap group: files nis ldap shadow: files nis filer*>
So the security.admin.authentication “internal” is for administrators that can have access to the NetApp and its internal configuration. "Internal" has its account via the “useradmin user add …” command and resides in an internal db.
The security.admin.authentication “nsswitch” can point to the configuration of the /etc/passwd file via “passwd:files”, and is for access to shares/exports and can also point a user to their home directory, such as a designated directory for FTP access.
Is this the gist of it?
Nice explanation of <filename>:files=/etc/<filename> in nsswitch.conf.