From b5bb8c35539d1b108e988d39153abc813c326b0f Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Tue, 26 Jan 2010 17:50:33 -0800
Subject: Add additional check that new user doesn't exist in NSS

If user exists in NSS (LDAP, TACACS+) but not on local machine,
then it can not be changed with CLI. useradd will fail (user exists),
and usermod will fail (can't find user in passwd file).

Bug 5249
---
 templates/system/login/user/node.def | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

(limited to 'templates')

diff --git a/templates/system/login/user/node.def b/templates/system/login/user/node.def
index 89e10a9c..751767d6 100644
--- a/templates/system/login/user/node.def
+++ b/templates/system/login/user/node.def
@@ -5,11 +5,7 @@ help: Set user account information
 syntax:expression: pattern $VAR(@) "^[a-zA-Z_][a-zA-Z0-9_-]*\\$?$"
                      ; "invalid user name $VAR(@)"
 
-# System accounts should not be listed in vyatta configuration
-syntax:expression: exec "\
-    uid=$(getent passwd $VAR(@) | awk -F: '{print $3}'); \
-    [ -z \"$uid\" ] || [ $uid -eq 0 -o $uid -ge 1000 ]" \
-    ; "user name \"$VAR(@)\" is reserved for internal usage"
+syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_username.pl $VAR(@)"
 
 commit:expression: $VAR(authentication/encrypted-password) != ""
                    || ($VAR(authentication/plaintext-password) != ""
-- 
cgit v1.2.3