Date: Mon, 20 Mar 2000 16:31:37 -0600
From: Oscar Bonilla <obonilla@fisicc-ufm.edu>
To: freebsd-hackers@FreeBSD.ORG
Subject: NSS for FreeBSD
Message-ID: <20000320163137.A17849@fisicc-ufm.edu>

[ long email --- there's a specific question at the end ]

I started work a couple of weeks ago to port the NSS implementation from NetBSD to FreeBSD. This is needed for things like authenticating with an LDAP server, etc. If you search for LDAP in Hackers you'll find a thread that discusses why it's needed in more detail.

I've put up a web page showing the status of the NSS port. It's at http://www.fisicc-ufm.edu/~obonilla/nss/

In brief:

nsdispatch() has been incorporated into the FreeBSD libc code.

getpwent(), getpwnam(), and getpwuid() all call nsdispatch() and work for both files and nis. I wish I could say that work in this file is completed, but I still haven't got to the compat implementation. See below.

There are a bunch of other files that need to be modified to make use of the new nsdispatch function. There's a list at the URL given above.

I need help with the NIS code. In particular I wish someone could explain to me exactly what the unwind() function in getpwent() does.

In detail:

The nsdispatch() function is *exactly* the same as in NetBSD. Thus, the NSS mechanism currently works on FreeBSD exactly as it works in NetBSD.

NetBSD's way:

Basically you have a file named /etc/nsswitch.conf which tells the C library where to get the info from. So if you have a line saying:

    hosts files nis

it means that /etc/hosts is checked first and the yp maps are checked next. The man page explains this in more detail and is available at the URL given above for those who don't have NetBSD.

NetBSD also provides a compatibility mode for two of the system's databases (passwd and group). For example:

    passwd compat

means that the system will behave as it did before the nsdispatch function was added, e.g. look up files first and, if it finds a line +::::::, then look up nis.

NetBSD provides an extra parameter, namely:

    passwd_compat nis

which tells the system which database to use *after* files and when it finds the +::::: token.

This makes sense since NetBSD supports two different databases besides files out of the box: NIS, and Hesiod (extra DNS records).

I personally don't see this as a big benefit, since if I wanted to have the system look up stuff first in files and then in, say, hesiod, I would just get rid of the +:::: token in /etc/passwd and change the /etc/nsswitch.conf to be:

    passwd files dns

instead of relying on the compat stuff. I'm sure there's a good reason they did it like this, I just can't seem to find it.

FreeBSD's proposed way:

Given that FreeBSD doesn't support Hesiod, I think it would make sense to have nsswitch behave the following way:

*exactly* like NetBSD for all databases minus compat.

*only* for compat: get rid of the foo_compat blah to select blah as the source for database foo and simply make compat mode behave exactly as it behaves now (pre nss); which is, look up files and if it finds the +::::: token, look up NIS.

Specific Question:

For the FreeBSD implementation of NSS: is it worth having a way to tell the compat database which source to use for the +::::: token in /etc/passwd or should it just default to NIS?

Help:

If someone is interested in helping with this I would appreciate it.

Thanks and Regards,

-Oscar

--
pgp public key: finger obonilla@fisicc-ufm.edu
pgp fingerprint: 6D 18 8C 90 4C DF F0 4B DF 35 1F 69 A1 33 C7 BC
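
The lookup order described in the message above, as an added example that is not part of the original e-mail or of the NetBSD/FreeBSD code: it computes which sources can supply entries for a database under both the NetBSD behaviour and the proposed FreeBSD behaviour, which is the thing to check when auditing where account data can come from. The function names, the sample files, and the fallback to nis when no foo_compat line exists are assumptions made for the example; only plain source lists are parsed.

```python
# Added example: constructed sample inputs, not taken from the original message.
SAMPLE_NSSWITCH = """\
hosts files nis
passwd compat
passwd_compat nis
"""
SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/sh
+::::::
"""


def parse_nsswitch(text):
    """Map each database to its ordered source list (plain lists only)."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields:
            # Accept "hosts files nis" (as in the message) and "hosts: files nis".
            table[fields[0].rstrip(":")] = fields[1:]
    return table


def has_plus_token(flat_file):
    """True when a line of the flat file starts with '+', the compat token."""
    return any(line.startswith("+") for line in flat_file.splitlines())


def effective_sources(db, table, flat_file, honor_override=True):
    """Sources consulted for db, in order.

    honor_override=True follows the NetBSD behaviour described in the message
    (<db>_compat names the source used at the '+' token); False follows the
    message's proposal, where compat always falls through to nis.
    """
    order = []
    for src in table[db]:
        if src != "compat":
            order.append(src)
            continue
        order.append("files")
        if has_plus_token(flat_file):
            # Assumption: nis is used when no <db>_compat line is present.
            chosen = table.get(db + "_compat", ["nis"]) if honor_override else ["nis"]
            order.extend(chosen)
    return order


if __name__ == "__main__":
    print(effective_sources("passwd", parse_nsswitch(SAMPLE_NSSWITCH), SAMPLE_PASSWD))
```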