When to use security.admin.authentication internal or nsswitch?

InvalidCharacter

I have a question about the use of the “options security.admin.authentication” configuration. In what context is the “internal” option used? If I’m only interested in the use of the passwd for authentication and the nsswitch.conf has the following:

passwd: files      nis     ldap

Doesn’t the “passwd: files” serve the same purpose as the “internal” option? I’m setting up an 8.2.2, 7-mode, filer for SFTP and it appears the common setting for the security.admin.authentication is either “nsswitch” or “nsswitch, internal”. I’m trying to understand the logic since currently I’m functioning in a CIFS and NFS environment under the “internal” option.

Thanks

Sorry for the incorrect label, I'm a newbie to this.

1 ACCEPTED SOLUTION

GidonMarcus

internal = useradmin commands (saved internally in a db)

nsswitch.conf looks like the following, and defines the order of search for each entity. "Files" refers to a filename in etc with the same name as the configuration title: /etc/hosts for 'hosts:', /etc/passwd for 'passwd:'

filer*> rdfile /etc/nsswitch.conf
#Auto-generated by setup Sat Mar 24 10:02:44 GMT 2012
hosts: files       nis     dns
passwd: files      nis     ldap
netgroup: files    nis  ldap
group: files       nis     ldap
shadow: files      nis
filer*>

Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK
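
Added example, not part of the thread and not NetApp code: a small Python model of the lookup described in the answer above, using the nsswitch.conf shown there. It assumes the sources in security.admin.authentication are consulted left to right, and the label "useradmin db" is a placeholder for the internal store. It shows that "internal" alone never reaches /etc/passwd.

```python
# Illustrative model only (added example); the left-to-right order of the
# option value and the "useradmin db" label are assumptions.
NSSWITCH_CONF = """\
#Auto-generated by setup Sat Mar 24 10:02:44 GMT 2012
hosts: files       nis     dns
passwd: files      nis     ldap
netgroup: files    nis  ldap
group: files       nis     ldap
shadow: files      nis
"""


def parse_nsswitch(text):
    """Return {database: [sources in search order]}; 'files' becomes /etc/<database>."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line or ":" not in line:
            continue
        db, sources = line.split(":", 1)
        db = db.strip()
        table[db] = ["/etc/" + db if s == "files" else s for s in sources.split()]
    return table


def admin_auth_order(option_value, nsswitch):
    """Expand a security.admin.authentication value into the ordered user stores."""
    order = []
    for token in (t.strip() for t in option_value.split(",")):
        if token == "internal":
            order.append("useradmin db")  # accounts created with useradmin
        elif token == "nsswitch":
            order.extend(nsswitch.get("passwd", []))  # follows the passwd: line
        elif token:
            raise ValueError("unknown source: " + token)
    return order


if __name__ == "__main__":
    table = parse_nsswitch(NSSWITCH_CONF)
    for value in ("internal", "nsswitch", "nsswitch, internal"):
        print(value, "->", admin_auth_order(value, table))
```
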


GidonMarcus

Hi,

internal refers to the users configured in the context of the "useradmin" command.

nsswitch refers to all the external (files, name & directory services).

Gidi


InvalidCharacter

Thanks Gidi,

But according to TR-3490, NetApp Storage System Multiprotocol User Guide, in the nsswitch.conf the "files" option refers to "local files", hence my question about what is "internal" on the security.admin.authentication doing that is different than a "files" configuration on the nsswitch.conf?

Al

aborzenkov

Good question. My understanding is, "files" refers to /etc/passwd, and users added by useradmin are kept elsewhere (directly in registry). But I'd love to be proved correct (or wrong 🙂)

InvalidCharacter

Thanks Gidi,

So the security.admin.authentication “internal” is for administrators that can have access to the NetApp and its internal configuration. "Internal" has its account via the “useradmin user add …” command and resides in an internal db.

The security.admin.authentication “nsswitch” can point to the configuration of the /etc/passwd file via “passwd:files”, and is for access to shares/exports and can also point a user to their home directory, such as a designated directory for FTP access.

Is this the gist of it?

Nice explanation of <filename>:files=/etc/<filename> in nsswitch.conf.

Al