Differences
This shows you the differences between two versions of the page.
doc:installationguide:basic-nss [2011/04/18 21:18] gradator |
doc:installationguide:basic-nss [2013/08/09 12:32] (current) gradator [Using libnss-pgsql2] access -> read |
||
---|---|---|---|
Line 44: | Line 44: | ||
getent group | getent group | ||
getent passwd | getent passwd | ||
- | getend shadow | + | getent shadow |
id username | id username | ||
- | <note critique> | + | <note warning> |
Of course those examples are going to work and are a good start, however they are highly insecure. This way you are giving to any user on your system rights to fetch and modify your VHFFS database because ''/etc/nss-pgsql.conf'' must be readable by anyone. | Of course those examples are going to work and are a good start, however they are highly insecure. This way you are giving to any user on your system rights to fetch and modify your VHFFS database because ''/etc/nss-pgsql.conf'' must be readable by anyone. | ||
- | So, you have to create a new user on PostgreSQL that can only access vhffs_passwd, vhffs_groups and vhffs_user_group tables. | + | So, you have to create a new user on PostgreSQL that can only read vhffs_passwd, vhffs_groups and vhffs_user_group tables. |
</note> | </note> | ||
- | <note info> | + | <note note> |
If you need authentication, this is a good idea to filter only activated users, so that users not created yet or disabled cannot log in. You can do this by adding a join on vhffs_object to vhffs_passwd and vhffs_shadow views. | If you need authentication, this is a good idea to filter only activated users, so that users not created yet or disabled cannot log in. You can do this by adding a join on vhffs_object to vhffs_passwd and vhffs_shadow views. | ||
</note> | </note> | ||
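Review bot: The reworded sentence in the warning note ("can only read vhffs_passwd, vhffs_groups and vhffs_user_group tables") says nothing about vhffs_shadow, although the commands at the top of this hunk include `getent shadow` and the following note refers to the vhffs_shadow view. State explicitly that the user whose password sits in the world-readable ''/etc/nss-pgsql.conf'' must have no rights on vhffs_shadow, and say which credentials shadow lookups are expected to use. It would also help to name the privilege (SELECT only) and to call these objects either tables or views consistently, since the next note calls vhffs_passwd a view.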
Line 152: | Line 152: | ||
Install required dependencies: | Install required dependencies: | ||
- | apt-get install libdbd-sqlite3-perl | + | apt-get install libdbd-sqlite3-perl libdbd-pg-perl |
Then run the ''nss-mirror.pl'' script, it should work | Then run the ''nss-mirror.pl'' script, it should work | ||
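Review bot: The added libdbd-pg-perl on the apt-get line implies that ''nss-mirror.pl'' connects to PostgreSQL itself, but nothing in this hunk says which database user it should connect as. Point the reader to the read-only user required by the warning near line 44, and replace "it should work" with a concrete way to check the result.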
Line 179: | Line 179: | ||
Of course, you need to run from time to time the ''nss-mirror.pl'' script to update the SQLite databases, we let you add the necessary cron entry. | Of course, you need to run from time to time the ''nss-mirror.pl'' script to update the SQLite databases, we let you add the necessary cron entry. | ||
- | <note info> | + | <note note> |
As you may have noticed, the mirror script don't need the VHFFS API to run, so you don't need to install VHFFS on hosts that only need a name service working (Web servers, FTP, ...). | As you may have noticed, the mirror script don't need the VHFFS API to run, so you don't need to install VHFFS on hosts that only need a name service working (Web servers, FTP, ...). | ||
</note> | </note> | ||
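Review bot: In the note retagged here, "the mirror script don't need" should read "doesn't need". The context sentence above it leaves the cron entry entirely to the reader; an example entry, plus a word on the ownership and permissions the generated SQLite databases should have, would make this section complete.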