Date:      Mon, 20 Mar 2000 16:31:37 -0600
From:      Oscar Bonilla <obonilla@fisicc-ufm.edu>
To:        freebsd-hackers@FreeBSD.ORG
Subject:   NSS for FreeBSD
Message-ID:  <20000320163137.A17849@fisicc-ufm.edu>

[ long email --- there's a specific question at the end ]

I started work a couple of weeks ago to port the NSS implementation
from NetBSD to FreeBSD. This is needed for things like authenticating
with an LDAP server, etc. If you search for LDAP in Hackers you'll find
a thread that discusses why it's needed in more detail.

I've put up a web page showing the status of the NSS port. It's at
http://www.fisicc-ufm.edu/~obonilla/nss/

In brief:

	nsdispatch() has been incorporated into the FreeBSD libc code.

	getpwent(), getpwnam(), and getpwuid() all call nsdispatch() 
	and work for both files and nis. I wish I could say that work
	in this file is completed, but I still haven't got to the
	compat implementation. See below.

	There are a bunch of other files that need to be modified 
	to make use of the new nsdispatch function. There's a list
	at the URL given above.

	I need help with the NIS code. In particular I wish someone
	could explain to me exactly what the unwind() function in 
	getpwent() does.

In detail:

	The nsdispatch() function is *exactly* the same as in NetBSD.
	Thus, the NSS mechanism currently works on FreeBSD exactly as
	it works in NetBSD.

NetBSD's way:

	Basically you have a file named /etc/nsswitch.conf which tells
	the C library where to get the info from. So if you have a 
	line saying:

	hosts	files nis

	it means that /etc/hosts is checked first and the yp maps are
	checked next. The man page explains this in more detail and
	is available in the URL given above for those who don't have
	NetBSD.

	NetBSD provides also a compatibility mode for two of the system's
	databases (passwd and group). For example:

	passwd     compat

	means that the system will behave as it did before the nsdispatch
	function was added, i.e. lookup files first and if it finds a line
	+:::::: then it will lookup nis.

	NetBSD provides an extra parameter, namely:

	passwd_compat    nis

	which tells the system which database to use *after* files and when
	it finds the +::::: token. This makes sense since NetBSD supports
	two different databases besides files out of the box: NIS, and
	Hesiod (extra DNS records).

	I personally don't see this as a big benefit, since if I wanted to
	have the system lookup stuff first in files and then in, say, hesiod,
	I would just get rid of the +:::: token in /etc/passwd and change
	the /etc/nsswitch.conf to be:

	passwd files dns

	instead of relying on the compat stuff. I'm sure there's a good
	reason they did it like this, I just can't seem to find it.

FreeBSD's proposed way:

	Given that FreeBSD doesn't support Hesiod, I think it would make
	sense to have nsswitch behave the following way: 

	*exactly* like NetBSD for all databases minus compat.

	*only* for compat: get rid of the 

	foo_compat	blah

	to select blah as the source for database foo and simply 
	make compat mode behave exactly as it behaves now (pre nss);
	which is, lookup files and if it finds the +::::: token, lookup
	NIS.

Specific Question:

	For the FreeBSD implementation of NSS: is it worth having a way
	to tell the compat database which source to use for the +:::::
	token in /etc/passwd or should it just default to NIS?

Help:

	If someone is interested in helping with this I would appreciate it.

Thanks and Regards,

-Oscar

-- 
pgp public key: finger obonilla@fisicc-ufm.edu
pgp fingerprint: 6D 18 8C 90 4C DF F0 4B  DF 35 1F 69 A1 33 C7 BC
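
The lookup order described in the message, as an added example that is not part of the original e-mail or of the NetBSD/FreeBSD code: a Python audit helper that reads nsswitch.conf text and reports which sources can supply entries for a database, under NetBSD's `passwd_compat` behaviour and under the message's proposal (compat always means NIS). The function names, the sample files, the optional colon after the database name, treating any line starting with `+` as the token, and the NIS default for a missing `_compat` line are assumptions.

```python
import re

# Constructed sample inputs (not taken from any real system).
SAMPLE_CONF = """\
hosts          files nis
passwd         compat
passwd_compat  dns      # NetBSD-only knob discussed in the message
"""
SAMPLE_PASSWD = "root:*:0:0:Charlie &:/root:/bin/sh\n+::::::\n"

def parse_nsswitch(text):
    """Map each database name to its ordered list of sources."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]               # strip comments
        line = re.sub(r"\[[^\]]*\]", " ", line)   # ignore [status=action] criteria
        fields = line.split()
        if len(fields) >= 2:
            table[fields[0].rstrip(":")] = fields[1:]
    return table

def has_plus_token(db_text):
    """True if the flat file holds a '+' entry such as '+::::::' (assumed rule)."""
    return any(line.startswith("+") for line in db_text.splitlines())

def effective_sources(db, table, db_text, honor_compat_key=True):
    """Sources that can answer a lookup for db, in order.

    honor_compat_key=True  models NetBSD (<db>_compat picks the source).
    honor_compat_key=False models the message's proposal (always nis).
    Built-in defaults for a database missing from the file are not modelled.
    """
    out = []
    for src in table.get(db, []):
        if src != "compat":
            out.append(src)
            continue
        out.append("files")
        if has_plus_token(db_text):               # '+' token hands off to a network source
            compat = table.get(db + "_compat", ["nis"])  # assumed default: nis
            out.extend(compat if honor_compat_key else ["nis"])
    return out

if __name__ == "__main__":
    t = parse_nsswitch(SAMPLE_CONF)
    print("NetBSD  :", effective_sources("passwd", t, SAMPLE_PASSWD))
    print("proposal:", effective_sources("passwd", t, SAMPLE_PASSWD, False))
```

Run against a host's real files, the result is the list of directory services able to supply account entries, which is the set to review when deciding what a login can trust.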

