Official website: http://fssos.sourceforge.net/

Flexible Single Sign-on Solutions

This package contains 'nsvs' - one piece of the FSSOS project

NSVS - Name Service Via Sockets
================================

Supported Operating Systems:
    o Linux (glibc >= 2.2.5)
    o Solaris (Sparc or Intel >= 8) (SEE NOTE BELOW)
    o FreeBSD (5.1+, prefer 5.2+) (SEE NOTE BELOW)

Supported MySQL Versions:
    o MySQL 3.23.9 - 4.1.x

Supported Compilers:
    o GCC (2.95.2, 3.x)

NOTES:
    o Solaris and FreeBSD don't differentiate root access and non-root
      access to the shadow database; non-root users can access encrypted
      passwords. If those are DES, they can be brute-forced fairly
      easily. This will be fixed in future versions.
    o Solaris 9+ is not fully supported. Sun's PAM modules have become
      so restrictive that you can't even properly authenticate via PAM
      anymore if there's an "nsvs" in /etc/nsswitch.conf. System
      routines like getpwnam will still work, so you can partly work
      around it by compiling your apps with PAM turned *off* - however,
      logging in via system programs such as telnet will fail. I'll be
      addressing this when I can; unfortunately it requires a PAM module
      that I'd need to write. It's on my TODO list ...

Prerequisites
=============

    o Installing from source:
        o A functional compile environment (system headers, gcc, ...)
        o MySQL client library & header files (local)
        o MySQL server (local or remote)

The details
===========

    o If installing from source:
        o ./configure
        o make
        o make install

      On some systems, libtool insists on adding "-lc" to the link stage
      (due to the way gcc was built for that system), which breaks nsvsd
      threading in daemon mode. If you see a "-lc" before a "-pthread"
      or "-lpthread", then you're in trouble. You'll notice the broken
      behavior in the form of fewer-than-expected threads running (3)
      and the inability to kill the parent process off without a "-9"
      signal. To fix this, do the following:

          PTHREAD_LIBS="-lpthread -lc" ./configure

      and then run make/make install.

      If your MySQL installation is based in a strange directory, use
      the --with-mysql=DIR option of ./configure to specify it. For
      example, "./configure --with-mysql=/usr2"

    o Add data to MySQL. The default configs will work well with the
      sample sql database in
      sample/nsvsd/default/sample_database.sql. Read that file for more
      details on the sample database.

    o Edit /etc/nsvsd.conf

    o Edit (or create) /etc/nsswitch.conf such that it contains at least
      the following:

          passwd: files nsvs
          group: files nsvs

      Linux also needs:

          shadow: files nsvs

      If you don't want groups from MySQL, simply don't include 'nsvs'
      in the 'group' line.

    o Create the 'nsvsd' user if it doesn't exist

    o Start 'nsvsd' (e.g. "/sbin/nsvsd")

64-bit Support (SPARC V9/Solaris 8+)
====================================

Since 64-bit programs use 64-bit libraries and 32-bit programs use
32-bit libraries, we must produce two versions of the nsvs library.
While most programs on Solaris are still 32-bit, some (such as 'ps')
are not. 64-bit binaries will NOT see nsvs-users if you do not follow
these directions.

    o Make sure 64-bit libgcc_s is available (SMCgcc package)
    o crle -64 -u -l /usr/local/lib/sparcv9
    o Build a 64-bit nsvs (just the NSS library, nsvsd can remain
      32-bit):
        o make clean
        o cd src/util
        o make CFLAGS=-m64
        o cd ../nsvs
        o make CFLAGS=-m64
        o make -e libdir=/usr/lib/sparcv9 install
    o Test it by using programs such as 'ls' and 'ps' from the
      /usr/bin/sparcv9 directory.

At some point in the future, 64-bit support will be integrated.

Debugging
=========

You may start "nsvsd" in the foreground with debugging turned on:

    /sbin/nsvsd -d debug

Also check your syslog files (e.g. /var/log/messages)

$Id: README,v 1.8 2004/12/22 02:04:27 cinergi Exp $
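
The NOTES entry on Solaris and FreeBSD says non-root users can read encrypted passwords through nsvs. The shell functions below are an added example, not part of the nsvs package: they read passwd/shadow-format lines and report which accounts expose a hash to the caller, marking traditional DES crypt as weak. The function names and the sample accounts and hash strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the nsvs package). Run as a NON-root user, e.g.:
#   getent passwd | audit_exposed     (or "getent shadow", where available)

# classify_hash FIELD -> prints one of: none, des, md5, modular, unknown
classify_hash() {
    case "$1" in
        ''|x|'*'|'!'|'!!'|'*LK*'|NP) echo none ;;       # placeholder, no hash shown
        '!'*)   classify_hash "${1#?}" ;;               # lock prefix, hash still follows
        '$1$'*) echo md5 ;;
        '$'*)   echo modular ;;                         # some other $id$ scheme
        *)
            # Traditional DES crypt(3): exactly 13 chars from [./0-9A-Za-z]
            if [ "${#1}" -eq 13 ] &&
               ! printf '%s' "$1" | grep -q '[^./0-9A-Za-z]'; then
                echo des
            else
                echo unknown
            fi ;;
    esac
}

# audit_exposed: reads name:passwd:... lines on stdin and prints
# "user scheme [WEAK]" for every account whose hash is visible.
audit_exposed() {
    while IFS=: read -r user pw _rest; do
        [ -n "$user" ] || continue
        kind=$(classify_hash "$pw")
        case "$kind" in
            none) ;;
            des)  printf '%s %s WEAK\n' "$user" "$kind" ;;
            *)    printf '%s %s\n' "$user" "$kind" ;;
        esac
    done
}

# Constructed sample input; the password fields are made-up strings,
# not real hashes.
sample_lines() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:ab0123456789A:1001:100::/home/alice:/bin/sh
bob:$1$constructd$AAAAAAAAAAAAAAAAAAAAAA:1002:100::/home/bob:/bin/sh
carol:*LK*:1003:100::/home/carol:/bin/sh
EOF
}

sample_lines | audit_exposed
```

Any output when run as a non-root user against the live name service means hashes are readable by ordinary accounts; entries marked WEAK should be moved off DES first.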