Date: Wed, 21 Apr 2021 08:35:18 -0600 From: Ron Wills <ron@digitalcombine.ca> To: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Debugging nsswitch.conf Message-ID: <YIA4Jt4lLIj302rZ@digitalcombine.ca> In-Reply-To: <YH%2BQldYhFGbR/jiB@digitalcombine.ca> References: <YH3UjJQGl7DDUF20@digitalcombine.ca> <YH%2BQldYhFGbR/jiB@digitalcombine.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
--SSjRNXnAfwolWomj Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 20, 2021 at 08:40:21PM -0600, Ron Wills wrote: > On Mon, Apr 19, 2021 at 01:05:48PM -0600, Ron Wills wrote: > > I'm attempting to create something like a BBS with sshd within a jail. > > Because of the flexablity of ssh I want the absolute minimum in the > > jail and I want sshd to authenicate through PostgreSQL. > >=20 > > I have both libnss-pgsql and pam-pgsql installed and added to the jail. > > When I set nsswitch.conf to: > > groups: files > > passwd: files > >=20 > > I can see the users from the master.passwd file and can see pam-pgsql > > connect to the database and fail. The failure is because the two aren't > > currently in sync. > >=20 > > When I set nsswitch.conf to: > > groups: pgsql > > passwd: pgsql >=20 > I ran ktrace on "getent passwd" and discovered the problem. When pgsql > is specified, nss attempts to load the library nss_pgsql.so.1. The > package libnss-pgsql installs the library lib_pgsql.so.2.0.0 and links. > Renaming the libraries fixed the problem. Incase anyone is interested a cleaner fix is to add the following line to /etc/libmap.conf: nss_pgsql.so.1 libnss_pgsql.so.2 This will remap the library loading to the correct library. > If I'm not mistaken here I'm seeing two problems. >=20 > The most obvious being the library file name in the package. >=20 > The other problem is with the nss system. Should it be looking for a > versioned library file. Wouldn't searching for nss_pgsql.so be better > form than nss_pgsql.so.1? And possibly the man page for nsswitch.conf > should include some kind of blurb for loadable modules. I haven't been > able to find any other documentation on the nss system than there. >=20 > I'm new to FreeBSD and I'm not quite sure where I should report this. > I'd be happy to help to improve things where I can :) >=20 > > I get absolutely nothing. Getent returns nothing. I see nothing logged. > > I don't see any attempts to connect to the database. NSS just silently > > fails. I'm at lose. I'm sure I'm probably just missing something > > simple... Here's the nss configuration for the jail at the > > moment on FreeBSD 12.2. > >=20 --SSjRNXnAfwolWomj Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEWX8XQo7M2P74baiqFcJdzwlfq9IFAmCAOCYACgkQFcJdzwlf q9JZqBAArtRuCF/frL50M9IXODYaILtekZSLGtBEzfbRHQxCoUQlYWo2CkAHdsEr CpekFoP9TMUaMFVm318Tl93N3HT6zi5VsxlxbfRRaA6iobaka82bs2ZbfdUWI3Un k4wkBrY4FLCx2nL7Z1IPwKvPlw0IwBY0c8VZV+CEqWE5lBh5XuDwAcjPSk1UG5UP OSwWga2r6quCCL+Bvqj0XJ9WXgMqXbdWXe2SpPpM4VCNqx8f+8M6J3YKzInDGL39 xAi1tV0g47pxTPQLC4aohme5+avw26nT2Wxm8kdhuYLn7NihjhOBR+aEE3gb3Uss WnL9Odm9clBPWIB8Qwsh66AV6BfcIxl/ngGsTSqJOKVxcIbtJ1Htt7V4Xbpz8v/d 5naROm+VcQwgZxBYGGw4wVzesqx7lqHv0PmWEZ/OYaGP7j4LV5cK02kNTbJVhJXR SQP9yzCkunwhze6mPyDbj4oKkr0/qTK2jJr3OtLS7TOhLQzaecffXuRnbPgg2sFL sX/xROdCM9/G5THLW9eQeOhujbNrdQFAzYFetmyMYhJQjCWwS6hSrauaEQcARJOv i69fpHWpgoXy0ti+0TqARDpKPjwHr/Rux1NrQHA0T8dn9EirSBAhBl9kGmPXA9ul YtxGl5oON/NDlT9REeoJNUz9TpAFI9CM3CdzkwBtob+12djSDAc= =p+GT -----END PGP SIGNATURE----- --SSjRNXnAfwolWomj--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YIA4Jt4lLIj302rZ>