#
# Below is the README from libnss-ptdb, from which libnss-afs
# was derived. For more up-to-date information, please see
#
# http://www.hcoop.net/~megacz/software/libnss-afs.html
#

|NSS Module for AFS
+------------------

What is it?
-----------

This package will let your applications use the AFS-Protection-Database
(PTDB) as a unix user-database. It consists of 2 binary parts:

1. The ptdbnssd, a daemon that clients may connect to at
   udp://localhost:6998 to find out the UID for a username or vice versa
2. The 'ptdb'-nss-module (libnss-ptdb) that will connect to ptdbnssd
   whenever it needs to look up a username or a UID.

libnss-ptdb will provide user home directories, which are determined using
one of 2 methods (see below). Furthermore, it provides a login shell,
which is determined using one of 3 methods.

As a bonus, this package provides a group-nss-plugin, assigning descriptive
names to PAG-groups (e.g. "AfsPag-1121").

My main intention for writing this module was to provide a really simple
way of providing user account information to AFS-client machines. I wanted
to avoid using ldap within the InstantAFS project.
Visit http://instantafs.cbs.mpg.de for more information about InstantAFS.

What about the homedirectories and login shells?
------------------------------------------------

Home directories are determined by the nss-plugin, but the configuration is
done by ptdbnssd. ptdbnssd accepts the parameters '-H' and '-S' to select a
method of determining home directories/login shells. Whenever an nss-plugin
does a lookup (either by uid or by name), ptdbnssd sends the current
configuration (basically: what you defined as -H and -S parameters) to the
nss-plugin. The plugin then calculates the home directory and login shell on
its own.

The advantage of that concept is that filesystem accesses are always done by
user programs, not locking ptdbnssd for other lookups. On the other hand,
it's possible to change the homedir/login-shell policy host-wide
instantaneously by restarting ptdbnssd.

When using Debian, just edit /etc/default/ptdbnssd to change the policy.

What do I have to do to get it working?
---------------------------------------

Set up the AFS-client on your local computer. You must have a file
"/etc/openafs/ThisCell" containing *only* the full name of your
local cell.

You need glibc- and openafs-headers (Debian packages glibc6-dev and
libopenafs-dev).

Then type:

    # make
    # make install

Run the daemon (consider running it as an unprivileged user):

    $ /usr/bin/ptdbnssd

Use /usr/lib/libnss-ptdb/nsstest to check whether ptdbnssd and the nss-module
are working correctly. If not, /usr/lib/libnss-ptdb/cstest helps you
find out whether it's the daemon's fault.

Modify /etc/nsswitch.conf; you need to rewrite the "passwd" and the "group"
lines:

    passwd: files ptdb
    group: pag files

Now use 'ls -l /afs/some/directory' to see whether it's working.

Note: 'pag' should be the first group-plugin. The group name of PAG-groups is
calculated from their gid, which is faster than e.g. an /etc/group lookup.

Debugging
---------

After building the package there are two additional binaries:
* cstest  - Tries to resolve ID or username given at cmdline
            by calling ptdbnssd directly
* nsstest - Tries to resolve ID or username given at cmdline
            by using nss (libc name resolution).

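An added example (not the package's nsstest and not part of the original README): a small C program that resolves a username or UID through libc NSS exactly as any application would, so you can see which home directory and login shell the 'ptdb' module hands out once nsswitch.conf has been changed. The names nss_answer and nss_resolve are made up for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Names below (nss_answer, nss_resolve) are made up for this example. */
struct nss_answer { uid_t uid; char name[64], home[256], shell[128]; };

/* Resolve `key` through NSS: all-digit keys are looked up as a UID, anything
 * else as a user name. Returns 0 = found, 1 = no such entry, -1 = error. */
int nss_resolve(const char *key, struct nss_answer *out)
{
    struct passwd pw, *res = NULL;
    size_t len = 1024;
    char *buf = NULL;
    int rc, by_uid = *key && strspn(key, "0123456789") == strlen(key);

    do {    /* grow the scratch buffer for as long as libc reports ERANGE */
        char *nbuf = realloc(buf, len *= 2);
        if (!nbuf) { free(buf); return -1; }
        buf = nbuf;
        rc = by_uid ? getpwuid_r((uid_t)strtoul(key, NULL, 10), &pw, buf, len, &res)
                    : getpwnam_r(key, &pw, buf, len, &res);
    } while (rc == ERANGE && len < (1u << 20));
    if (res) {    /* copy out before the buffer backing pw's strings is freed */
        out->uid = pw.pw_uid;
        snprintf(out->name, sizeof out->name, "%s", pw.pw_name);
        snprintf(out->home, sizeof out->home, "%s", pw.pw_dir);
        snprintf(out->shell, sizeof out->shell, "%s", pw.pw_shell);
    }
    free(buf);
    return res ? 0 : (rc == 0 || rc == ENOENT || rc == ESRCH) ? 1 : -1;
}

int main(int argc, char **argv)
{
    struct nss_answer a;
    for (int i = 1; i < argc; i++) {
        int rc = nss_resolve(argv[i], &a);
        if (rc == 0)
            printf("%s: uid=%lu name=%s home=%s shell=%s\n", argv[i],
                   (unsigned long)a.uid, a.name, a.home, a.shell);
        else
            printf("%s: %s\n", argv[i], rc == 1 ? "not found" : "lookup error");
    }
    return 0;
}
```

With "passwd: files ptdb" in place, running it on an AFS username and then on that user's UID should print the same entry both times; "not found" for a name that exists in the PTDB points at ptdbnssd or the module rather than at the application.
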
Last words
----------

The code was heavily "inspired" by Todd M. Lewis' (*) nss_pts_0.2 - Thank
you very much, Todd :-) .

(*) can be found @ http://www.unc.edu/~utoddl

If you have any questions, suggestions, patches, ... feel free to send me
an eMail.

Everything contained in this package is released under the terms of the
GNU Lesser General Public License (see COPYING).

Good luck,

-- Frank Burkhardt <burk@cbs.mpg.de> Fri, 06 Apr 2007 11:45:23 +0200