Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
doc:installationguide:basic-nss [2011/04/18 21:18]
gradator
doc:installationguide:basic-nss [2013/08/09 12:32] (current)
gradator [Using libnss-pgsql2] access -> read
Line 44: Line 44:
   getent group   getent group
   getent passwd   getent passwd
-  ​getend ​shadow+  ​getent ​shadow
   id username   id username
  
-<​note ​critique>+<​note ​warning>
 Of course those examples are going to work and are a good start, however they are highly insecure. This way you are giving to any user on your system rights to fetch and modify your VHFFS database because ''/​etc/​nss-pgsql.conf''​ must be readable by anyone. Of course those examples are going to work and are a good start, however they are highly insecure. This way you are giving to any user on your system rights to fetch and modify your VHFFS database because ''/​etc/​nss-pgsql.conf''​ must be readable by anyone.
    
-So, you have to create a new user on PostgreSQL that can only access ​vhffs_passwd,​ vhffs_groups and vhffs_user_group tables.+So, you have to create a new user on PostgreSQL that can only read vhffs_passwd,​ vhffs_groups and vhffs_user_group tables.
 </​note>​ </​note>​
  
-<​note ​info>+<​note ​note>
 If you need authentication,​ this is a good idea to filter only activated users, so that users not created yet or disabled cannot log in. You can do this by adding a join on vhffs_object to vhffs_passwd and vhffs_shadow views. If you need authentication,​ this is a good idea to filter only activated users, so that users not created yet or disabled cannot log in. You can do this by adding a join on vhffs_object to vhffs_passwd and vhffs_shadow views.
 </​note>​ </​note>​
Line 152: Line 152:
 Install required dependencies:​ Install required dependencies:​
  
-  apt-get install libdbd-sqlite3-perl+  apt-get install libdbd-sqlite3-perl libdbd-pg-perl
  
 Then run the ''​nss-mirror.pl''​ script, it should work Then run the ''​nss-mirror.pl''​ script, it should work
Line 179: Line 179:
 Of course, you need to run from time to time the ''​nss-mirror.pl''​ script to update the SQLite databases, we let you add the necessary cron entry. Of course, you need to run from time to time the ''​nss-mirror.pl''​ script to update the SQLite databases, we let you add the necessary cron entry.
  
-<​note ​info>+<​note ​note>
 As you may have noticed, the mirror script don't need the VHFFS API to run, so you don't need to install VHFFS on hosts that only need a name service working (Web servers, FTP, ...). As you may have noticed, the mirror script don't need the VHFFS API to run, so you don't need to install VHFFS on hosts that only need a name service working (Web servers, FTP, ...).
 </​note>​ </​note>​
  
Recent changes RSS feed Creative Commons License Donate Minima Template by Wikidesign Driven by DokuWiki