Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Next revision Both sides next revision | ||
doc:installationguide:basic-nss [2011/04/18 21:18] gradator |
doc:installationguide:basic-nss [2011/04/20 22:54] gradator |
||
---|---|---|---|
Line 47: | Line 47: | ||
id username | id username | ||
- | <note critique> | + | <note warning> |
Of course those examples are going to work and are a good start, however they are highly insecure. This way you are giving to any user on your system rights to fetch and modify your VHFFS database because ''/etc/nss-pgsql.conf'' must be readable by anyone. | Of course those examples are going to work and are a good start, however they are highly insecure. This way you are giving to any user on your system rights to fetch and modify your VHFFS database because ''/etc/nss-pgsql.conf'' must be readable by anyone. | ||
Line 53: | Line 53: | ||
</note> | </note> | ||
- | <note info> | + | <note note> |
If you need authentication, this is a good idea to filter only activated users, so that users not created yet or disabled cannot log in. You can do this by adding a join on vhffs_object to vhffs_passwd and vhffs_shadow views. | If you need authentication, this is a good idea to filter only activated users, so that users not created yet or disabled cannot log in. You can do this by adding a join on vhffs_object to vhffs_passwd and vhffs_shadow views. | ||
</note> | </note> | ||
Line 179: | Line 179: | ||
Of course, you need to run from time to time the ''nss-mirror.pl'' script to update the SQLite databases, we let you add the necessary cron entry. | Of course, you need to run from time to time the ''nss-mirror.pl'' script to update the SQLite databases, we let you add the necessary cron entry. | ||
- | <note info> | + | <note note> |
As you may have noticed, the mirror script don't need the VHFFS API to run, so you don't need to install VHFFS on hosts that only need a name service working (Web servers, FTP, ...). | As you may have noticed, the mirror script don't need the VHFFS API to run, so you don't need to install VHFFS on hosts that only need a name service working (Web servers, FTP, ...). | ||
</note> | </note> | ||