Official website: http://fssos.sourceforge.net/
Flexible Single Sign-on Solutions
This package contains 'nsvs' - one piece of the FSSOS project
NSVS - Name Service Via Sockets
================================
Supported Operating Systems:
o Linux (glibc >= 2.2.5)
o Solaris (Sparc or Intel >= 8) (SEE NOTE BELOW)
o FreeBSD (5.1+, prefer 5.2+) (SEE NOTE BELOW)
Supported MySQL Versions:
o MySQL 3.23.9 - 4.1.x
Supported Compilers:
o GCC (2.95.2, 3.x)
NOTES:
o Solaris and FreeBSD don't differentiate root access and non-root
access to the shadow database; non-root users can access encrypted
passwords. If those are DES, they can be brute-forced fairly easily.
This will be fixed in future versions
o Solaris 9+ is not fully unsupported. Sun's PAM modules have become
so restrictive that you can't even properly authenticate via PAM
anymore if there's an "nsvs" in /etc/nsswitch.conf. System routines
like getpwnam will still work, so you can work around it some by
compiling your apps with PAM turned *off* - however logging in via
system programs such as telnet will fail. I'll be addressing this
when I can; unfortunately it requires a PAM module that I'd need to
write. It's on my TODO list ...
Prerequisites
=============
o Installing from source:
o A functional compile environment (system headers, gcc, ...)
o MySQL client library & header files (local)
o MySQL server (local or remote)
The details
===========
o If installing from source:
o ./configure
o make
o make install
On some systems, libtool insists on adding "-lc" to the link stage
(due to the way gcc was built for that system), which breaks nsvsd
threading in daemon mode. If you see a "-lc" before a "-pthread" or
"-lpthread", then you're in trouble. You'll notice the broken behavior
in the form of fewer-than-expected threads running (3) and the inability
to kill the parent process off without a "-9" signal. To fix this, do
the following:
PTRHEAD_LIBS="-lpthread -lc" ./configure
and then run make/make install.
If your MySQL installation is based in a strange directory, use
the --with-mysql=DIR option of ./configure to specify. For example,
"./configure --with-mysql=/usr2"
o Add data to MySQL. The default configs will work well with the sample
sql database in sample/nsvsd/default/sample_database.sql.
Read that file for more details on the sample database.
o Edit /etc/nsvsd.conf
o Edit (or create) /etc/nsswitch.conf such that it contains at least the
following:
passwd: files nsvs
group: files nsvs
Linux also needs:
shadow: files nsvs
If you don't want groups from MySQL, simply don't include 'nsvs' in
in the 'group' line.
o Create the 'nsvsd' user if it doesn't exist
o Start 'nsvsd' (e.g. "/sbin/nsvsd")
64-bit Support (SPARC V9/Solaris 8+)
====================================
Since 64-bit programs use 64-bit libraries and 32-bit programs use 32-bit
libraries, we must produce two versions of the nsvs library. While most
programs on Solaris are still 32-bit, some (such as 'ps') are not. 64-bit
binaries will NOT see nsvs-users if you do not follow these directions.
o Make sure 64-bit libgcc_s is available (SMCgcc package)
o crle -64 -u -l /usr/local/lib/sparcv9
o Build a 64-bit nsvs (just the NSS library, nsvsd can remain 32-bit):
o make clean
o cd src/util
o make CFLAGS=-m64
o cd ../nsvs
o make CFLAGS=-m64
o make -e libdir=/usr/lib/sparcv9 install
o Test it by using programs such as 'ls' and 'ps' from the /usr/bin/sparcv9
directory.
At some point in the future, 64-bit support will be integrated.
Debugging
=========
You may start "nsvsd" in the foreground with debugging turned on:
/sbin/nsvsd -d debug
Also check your syslog files (e.g. /var/log/messages)
$Id: README,v 1.8 2004/12/22 02:04:27 cinergi Exp $