libnss_extrausers:

With the following lines in /etc/nsswitch.conf

passwd:         compat extrausers
group:          compat extrausers
shadow:         compat extrausers

and /lib/libnss_extrausers.so.1 from this package, glibc will
not only look in /etc/{passwd,shadow,group} but also in
/var/lib/extrausers/{passwd,shadow,group}. It will limit itself
to uids and gids of at least 500 - where detectable - to avoid
root or system account access.

Security considerations:
	Allways use after compat in nsswitch.conf,
	otherwise it could overwrite the shadow-password for root.
	(shadow has not uids, so this cannot be rules out)

	If someone is able to place terminals instead of the
	files, that could cause all programs to get a new
	controling terminal, making DoS attacks possible.

