1 | |
2 | # |
3 | # Below is the README from libnss-ptdb, from which libnss-afs |
4 | # was derived. For more up-to-date information, please see |
5 | # |
6 | # http://www.hcoop.net/~megacz/software/libnss-afs.html |
7 | # |
8 | |
9 | |
10 | NSS Module for AFS |
11 | ------------------ |
12 | |
13 | What is it? |
14 | ----------- |
15 | |
16 | This package lets your applications use the AFS Protection Database |
17 | (PTDB) as a Unix user database. It consists of 2 binary parts: |
18 | |
19 | 1. ptdbnssd, a daemon that clients connect to at |
20 | udp://localhost:6998 to look up the UID for a username or vice versa |
21 | 2. The 'ptdb' NSS module (libnss-ptdb), which connects to ptdbnssd |
22 | whenever it needs to look up a username or a UID. |
23 | |
24 | libnss-ptdb provides user home directories, which are determined using |
25 | one of 2 methods (see below). Furthermore, it provides a login shell, |
26 | which is determined using one of 3 methods. |
27 | |
28 | As a bonus, this package provides a group NSS plugin that assigns descriptive |
29 | names to PAG groups (e.g. "AfsPag-1121"). |
30 | |
31 | My main intention for writing this module was to provide a really simple |
32 | way of providing user account information to AFS client machines. I wanted |
33 | to avoid using LDAP within the InstantAFS project. |
34 | Visit http://instantafs.cbs.mpg.de for more information about InstantAFS. |
35 | |
36 | What about the homedirectories and login shells? |
37 | ------------------------------------------------ |
38 | |
39 | Home directories are determined by the NSS plugin, but the configuration is done |
40 | by ptdbnssd. ptdbnssd accepts the parameters '-H' and '-S' to select a |
41 | method of determining home directories/login shells. Whenever an NSS plugin does |
42 | a lookup (either by UID or by name), ptdbnssd sends the current configuration |
43 | (basically: what you defined as -H and -S parameters) to the NSS plugin. |
44 | The plugin then calculates the home directory and login shell on its own. |
45 | |
46 | The advantage of this design is that filesystem accesses are always done by |
47 | user programs, so they never block ptdbnssd for other lookups. At the same time, |
48 | the homedir/login-shell policy can be changed host-wide and instantaneously |
49 | by restarting ptdbnssd. |
50 | |
51 | On Debian, just edit /etc/default/ptdbnssd to change the policy. |
52 | |
53 | What do I have to do to get it working? |
54 | --------------------------------------- |
55 | |
56 | Set up the AFS-client on your local computer. You must have a file |
57 | "/etc/openafs/ThisCell" containing *only* the full name of your |
58 | local cell. |
59 | |
60 | You need the glibc and OpenAFS headers (Debian packages glibc6-dev and |
61 | libopenafs-dev). |
62 | |
63 | Then run: |
64 | |
65 | # make |
66 | # make install |
67 | |
68 | Run the daemon (consider running it as an unprivileged user): |
69 | |
70 | $ /usr/bin/ptdbnssd |
71 | |
72 | Use /usr/lib/libnss-ptdb/nsstest to check whether ptdbnssd and the NSS module |
73 | are working correctly. If not, /usr/lib/libnss-ptdb/cstest helps you |
74 | find out whether it's the daemon's fault. |
75 | |
76 | Modify /etc/nsswitch.conf; you need to rewrite the "passwd" and "group" lines: |
77 | |
78 | passwd: files ptdb |
79 | group: pag files |
80 | |
81 | Now use 'ls -l /afs/some/directory' to see if it's working. |
82 | |
83 | Note: 'pag' should be the first group plugin. The group name of PAG groups is |
84 | calculated from their GID, which is faster than e.g. an /etc/group lookup. |
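
The setup steps above can be checked with a short script. This is an added example, not code from libnss-ptdb; the function names are hypothetical and the file paths are passed as arguments so the checks also run against copies.

```shell
#!/bin/sh
# Added example, not part of libnss-ptdb: checks for the README's setup steps.
# Function names are hypothetical; file paths are arguments, so the checks
# can also be run against copies of the real files.

# nss_sources FILE DB: print the source list nsswitch.conf gives for DB.
nss_sources() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                      # ignore comments
        $1 == db {
            for (i = 2; i <= NF; i++) printf "%s%s", $i, (i < NF ? " " : "\n")
            exit
        }' "$1"
}

# check_nsswitch FILE: "ptdb" must be a passwd source, "pag" the first group source.
check_nsswitch() {
    passwd_src=$(nss_sources "$1" passwd)
    group_src=$(nss_sources "$1" group)
    case " $passwd_src " in
        *" ptdb "*) ;;
        *) echo "passwd: 'ptdb' source missing" >&2; return 1 ;;
    esac
    case "$group_src" in
        pag|"pag "*) ;;
        *) echo "group: 'pag' is not the first source" >&2; return 1 ;;
    esac
}

# check_thiscell FILE: the file must contain only the cell name (one word).
check_thiscell() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    words=$(wc -w < "$1" | tr -d ' ')
    [ "$words" -eq 1 ] || { echo "$1: expected only the cell name" >&2; return 1; }
}

# Stand-alone use: sh check.sh /etc/nsswitch.conf /etc/openafs/ThisCell
if [ "$#" -eq 2 ]; then
    check_nsswitch "$1" && check_thiscell "$2" && echo "setup matches the README"
fi
```
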
85 | |
86 | Debugging |
87 | --------- |
88 | |
89 | After building the package there are two additional binaries: |
90 | * cstest - Tries to resolve ID or username given at cmdline |
91 | by calling ptdbnssd directly |
92 | * nsstest - Tries to resolve ID or username given at cmdline |
93 | by using nss (libc name resolution). |
94 | |
95 | Last words |
96 | ---------- |
97 | |
98 | The code was heavily "inspired" by Todd M. Lewis' (*) nss_pts_0.2 - Thank |
99 | you very much, Todd :-) . |
100 | |
101 | (*) can be found at http://www.unc.edu/~utoddl |
102 | |
103 | If you have any questions, suggestions, patches, ... feel free to send me |
104 | an e-mail. |
105 | |
106 | Everything contained in this package is released under the terms of the |
107 | GNU Lesser General Public License (see COPYING). |
108 | |
109 | Good luck, |
110 | |
111 | -- Frank Burkhardt <burk@cbs.mpg.de> Fri, 06 Apr 2007 11:45:23 +0200 |