summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--system/nss-mysql/README15
-rw-r--r--system/nss-mysql/README.SLACKWARE30
-rw-r--r--system/nss-mysql/config/nsswitch-mysql.conf39
-rw-r--r--system/nss-mysql/doinst.sh19
-rw-r--r--system/nss-mysql/nss-mysql.SlackBuild84
-rw-r--r--system/nss-mysql/nss-mysql.info10
-rw-r--r--system/nss-mysql/patches/nss-mysql-1.0-config.patch137
-rw-r--r--system/nss-mysql/slack-desc19
8 files changed, 353 insertions, 0 deletions
diff --git a/system/nss-mysql/README b/system/nss-mysql/README
new file mode 100644
index 0000000000..03851e4a89
--- /dev/null
+++ b/system/nss-mysql/README
@@ -0,0 +1,15 @@
+The NSS-MySQL name service switch library
+
+libnss_mysql retrieves user account information from a MySQL database server.
+Per default stored in /etc/{group,passwd,shadow} on Unix-like systems. Which
+(partly) is similar in functionality to NIS, LDAP, RADIUS, Hesoid, winbindd
+
+When used over a remote-network uttermost care should be taken in the security
+of this (such as TLS/SSL encrypting the connection) and even then storing any
+valid password for such 'virtual' users is probably a bad idea in itself.
+
+Kerberos provides for a far superior single-sign-on authentication system
+(the 'shadow' part in these setups) in both performance and security.
+
+Besides, this may break stuff so bad you'd need console access to fix it...
+For some basic installation instructions though see README.SLACKWARE
diff --git a/system/nss-mysql/README.SLACKWARE b/system/nss-mysql/README.SLACKWARE
new file mode 100644
index 0000000000..b3155043e9
--- /dev/null
+++ b/system/nss-mysql/README.SLACKWARE
@@ -0,0 +1,30 @@
+On to the good stuff :-)
+
+To get this working (locally) login to the database server, presuming that
+it is running; otherwise read /etc/rc.d/rc.mysqld first; to make the DB:
+
+# mysql -uroot -p
+> CREATE DATABASE nss_mysql;
+
+After this is done it has to be populated with the user tables; there is
+an example for them provided in /usr/doc/nss-mysql-1.0/sample.sql
+
+You can copy that to say /tmp, (probably) edit it some, and insert it with:
+
+# mysql -uroot -p -D nss_mysql < /tmp/sample.sql
+
+After this is done create the 'nss' and 'nss-shadow' database users with
+statements such as the ones found in /usr/doc/nss-mysql-1.0/SHADOW
+And make sure the passwords for them in /etc/nss-{mysql,mysql-root}.conf
+match up...
+
+Now edit your /etc/nsswitch.conf to look like the -mysql version and try
+the following commands:
+
+getent passwd
+getent shadow
+
+Which should list the users pulled from mysql!
+(Otherwise have a look at 'tail /var/log/syslog' for hints on how to fix it).
+
+-Menno.
diff --git a/system/nss-mysql/config/nsswitch-mysql.conf b/system/nss-mysql/config/nsswitch-mysql.conf
new file mode 100644
index 0000000000..d081f675bf
--- /dev/null
+++ b/system/nss-mysql/config/nsswitch-mysql.conf
@@ -0,0 +1,39 @@
+#
+# /etc/nsswitch.conf
+#
+# An example Name Service Switch config file. This file should be
+# sorted with the most-used services at the beginning.
+#
+# The entry '[NOTFOUND=return]' means that the search for an
+# entry should stop if the search in the previous entry turned
+# up nothing. Note that if the search failed due to some other reason
+# (like no NIS server responding) then the search continues with the
+# next entry.
+#
+# Legal entries are:
+#
+# nisplus or nis+ Use NIS+ (NIS version 3)
+# nis or yp Use NIS (NIS version 2), also called YP
+# dns Use DNS (Domain Name Service)
+# files Use the local files
+# [NOTFOUND=return] Stop searching if not found so far
+#
+
+passwd: files mysql
+shadow: files mysql
+group: files mysql
+
+hosts: files dns
+networks: files dns
+
+services: files
+protocols: files
+rpc: files
+ethers: files
+netmasks: files
+netgroup: files
+bootparams: files
+
+automount: files
+aliases: files
+
diff --git a/system/nss-mysql/doinst.sh b/system/nss-mysql/doinst.sh
new file mode 100644
index 0000000000..52667d67ec
--- /dev/null
+++ b/system/nss-mysql/doinst.sh
@@ -0,0 +1,19 @@
+config()
+{
+ NEW="$1"
+ OLD="`dirname $NEW`/`basename $NEW .new`"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+# Try not to mess over any costum settings
+config etc/nss-mysql-root.conf.new
+config etc/nss-mysql.conf.new
+config etc/nsswitch.conf-mysql.new
+
diff --git a/system/nss-mysql/nss-mysql.SlackBuild b/system/nss-mysql/nss-mysql.SlackBuild
new file mode 100644
index 0000000000..c2591b3c10
--- /dev/null
+++ b/system/nss-mysql/nss-mysql.SlackBuild
@@ -0,0 +1,84 @@
+#!/bin/sh
+
+# Slackware build script for NSS-MySQL
+
+# Written by Menno Duursma <druiloor@zonnet.nl>
+# Modified by the SlackBuilds.org project
+
+# This program is free software. It comes without any warranty.
+# Granted WTFPL, Version 2, as published by Sam Hocevar. See
+# http://sam.zoy.org/wtfpl/COPYING for more details.
+
+PRGNAM=nss-mysql
+VERSION=${VERSION:-1.0}
+ARCH=${ARCH:-i486}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+fi
+
+set -e # Exit on most errors
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+chmod -R u+w,go+r-w,a-s .
+
+# Apply patch to the documentation/examples
+cat $CWD/patches/nss-mysql-1.0-config.patch | patch -p1 --verbose
+
+# This thing installs in /lib as users might still have to be able and
+# login even in the event of /usr unavailability
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/ \
+ --libdir=/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --mandir=/usr/man \
+ --with-mysql=/usr \
+ --with-mysql-include=/usr/include/mysql \
+ --with-mysql-lib=/usr/lib${LIBDIRSUFFIX}/mysql \
+ --build=$ARCH-slackware-linux
+
+make
+make install-strip DESTDIR=$PKG
+
+# Move configfiles to .new and let doinst.sh hanle them gracefully
+( cd $PKG/etc
+ mv nss-mysql-root.conf nss-mysql-root.conf.new
+ mv nss-mysql.conf nss-mysql.conf.new
+)
+
+# Copy the sample glibc config into place also
+cat $CWD/config/nsswitch-mysql.conf > $PKG/etc/nsswitch.conf-mysql.new
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a [A-Z][A-Z]* ChangeLog *.sql $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/system/nss-mysql/nss-mysql.info b/system/nss-mysql/nss-mysql.info
new file mode 100644
index 0000000000..0f8a765967
--- /dev/null
+++ b/system/nss-mysql/nss-mysql.info
@@ -0,0 +1,10 @@
+PRGNAM="nss-mysql"
+VERSION="1.0"
+HOMEPAGE="http://freshmeat.net/projects/nss-mysql"
+DOWNLOAD="http://download.savannah.gnu.org/releases/nss-mysql/nss-mysql-1.0.tar.gz"
+MD5SUM="a1bacf9bcdd8c5172b8074e268af1436"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+MAINTAINER="Menno Duursma"
+EMAIL="druiloor@zonnet.nl"
+APPROVED="rworkman"
diff --git a/system/nss-mysql/patches/nss-mysql-1.0-config.patch b/system/nss-mysql/patches/nss-mysql-1.0-config.patch
new file mode 100644
index 0000000000..14c550a382
--- /dev/null
+++ b/system/nss-mysql/patches/nss-mysql-1.0-config.patch
@@ -0,0 +1,137 @@
+diff -ur nss-mysql-1.0.std/SHADOW nss-mysql-1.0/SHADOW
+--- nss-mysql-1.0.std/SHADOW 2005-01-26 04:42:13.000000000 +0100
++++ nss-mysql-1.0/SHADOW 2007-05-18 16:04:32.000000000 +0200
+@@ -45,7 +45,7 @@
+ ## shadow extentions in your database, you must add these columns to the
+ ## following SQL request.
+
+-> GRANT select(user_name,password,user_id,status,name) on nss_mysql.user to
++> GRANT select(user_name,password,user_id,status) on nss_mysql.user to
+ 'nss-shadow'@localhost identified by 'another_password';
+
+ > FLUSH PRIVILEGES;
+diff -ur nss-mysql-1.0.std/nss-mysql-root.conf nss-mysql-1.0/nss-mysql-root.conf
+--- nss-mysql-1.0.std/nss-mysql-root.conf 2002-08-28 18:47:53.000000000 +0200
++++ nss-mysql-1.0/nss-mysql-root.conf 2007-05-18 16:07:32.000000000 +0200
+@@ -46,7 +46,8 @@
+ # 2) inet:host (port will be 3306)
+ # 3) host:port (inet socket will be used)
+ # 4) host (inet socket on port 3306 will be used)
+-shadow.host = inet:localhost:3306;
++#shadow.host = inet:localhost:3306;
++shadow.host = unix:/var/run/mysql/mysql.sock;
+
+ # database: database name
+ # This database MUST contain all the columns mentionned in this file
+@@ -63,7 +64,7 @@
+ # backup host
+ # A backup MySQL server
+ # Can be empty
+-shadow.backup_host = inet:backup:3306;
++#shadow.backup_host = inet:backup:3306;
+
+ # The following parameters are just like
+ # the main server. They can be empty.
+@@ -71,7 +72,7 @@
+ # the corresponding value for the main
+ # server will be use
+
+-shadow.backup_database = nss_mysql_backup;
++#shadow.backup_database = nss_mysql_backup;
+ # shadow.backup_db_user = nss;
+ # shadow.backup_db_password = mAip2sFxXJcw;
+
+@@ -103,39 +104,45 @@
+ # if you do not have such a column, you can use something like
+ # shadow.lastchange_column = UNIX_TIMESTAMP()-10;
+ # The field name must be fully qualified, i.e. written as table.field
+-shadow.lastchange_column = user.lastchange;
++#shadow.lastchange_column = user.lastchange;
++shadow.lastchange_column = UNIX_TIMESTAMP()-10;
+
+ # min_column
+ # Minimum number of days to warn user to change the password
+ # if you do not have such a column, you can use something like
+ # shadow.min_column = 1;
+ # The field name must be fully qualified, i.e. written as table.field
+-shadow.min_column = user.min;
++#shadow.min_column = user.min;
++shadow.min_column = 1;
+
+ # max_column
+ # Maximum number of days to warn user to change the password
+ # if you do not have such a column, you can use something like
+ # shadow.max_column = 2;
+ # The field name must be fully qualified, i.e. written as table.field
+-shadow.max_column = user.max;
++#shadow.max_column = user.max;
++shadow.max_column = 2;
+
+ # warn_column
+ # Number of days to warn user to change the password
+ # if you do not have such a column, you can use something like
+ # shadow.warn_column = 7;
+ # The field name must be fully qualified, i.e. written as table.field
+-shadow.warn_column = user.warn;
++#shadow.warn_column = user.warn;
++shadow.warn_column = 7;
+
+ # inact_column
+ # Number of days the account may be inactive
+ # if you do not have such a column, you can use something like
+ # shadow.inact_column = -1; # disabled
+ # The field name must be fully qualified, i.e. written as table.field
+-shadow.inact_column = user.inact;
++#shadow.inact_column = user.inact;
++shadow.inact_column = -1;
+
+ # expire_column
+ # Number of days since 1970-01-01 until account expired
+ # if you do not have such a column, you can use something like
+ # shadow.expire_column = -1; # disabled
+ # The field name must be fully qualified, i.e. written as table.field
+-shadow.expire_column = user.expire;
++#shadow.expire_column = user.expire;
++shadow.expire_column = -1;
+diff -ur nss-mysql-1.0.std/nss-mysql.conf nss-mysql-1.0/nss-mysql.conf
+--- nss-mysql-1.0.std/nss-mysql.conf 2002-08-28 18:47:53.000000000 +0200
++++ nss-mysql-1.0/nss-mysql.conf 2007-05-18 16:08:12.000000000 +0200
+@@ -46,7 +46,8 @@
+ # 2) inet:host (port will be 3306)
+ # 3) host:port (inet socket will be used)
+ # 4) host (inet socket on port 3306 will be used)
+-users.host = inet:localhost:3306;
++#users.host = inet:localhost:3306;
++users.host = unix:/var/run/mysql/mysql.sock;
+
+ # database: database name
+ # This database MUST contain all the columns mentionned in this file
+@@ -63,7 +64,7 @@
+ # backup host
+ # A backup MySQL server
+ # Can be empty
+-users.backup_host = inet:backup:3306;
++#users.backup_host = inet:backup:3306;
+
+ # The following parameters work just like
+ # the main server's. They can be empty.
+@@ -71,7 +72,7 @@
+ # the corresponding value for the main
+ # server will be used
+
+-users.backup_database = nss_mysql_backup;
++#users.backup_database = nss_mysql_backup;
+ # users.backup_db_user = nss;
+ # users.backup_db_password = mAip2sFxXJcw;
+
+diff -ur nss-mysql-1.0.std/sample.sql nss-mysql-1.0/sample.sql
+--- nss-mysql-1.0.std/sample.sql 2005-01-26 04:39:06.000000000 +0100
++++ nss-mysql-1.0/sample.sql 2007-05-18 16:04:11.000000000 +0200
+@@ -1,6 +1,6 @@
+ # MySQL dump 8.9
+ #
+-# Host: localhost Database: nss-mysql
++# Host: localhost Database: nss_mysql
+ #
+
+ #
diff --git a/system/nss-mysql/slack-desc b/system/nss-mysql/slack-desc
new file mode 100644
index 0000000000..d98cf09eaa
--- /dev/null
+++ b/system/nss-mysql/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+nss-mysql: nss-mysql (MySQL Name Service Switch Module)
+nss-mysql:
+nss-mysql: NSS-MySQL is a NSS library for MySQL.
+nss-mysql: Featuring full groups, passwd and shadow support.
+nss-mysql:
+nss-mysql: The nss-mysql project was started by Steve Brown
+nss-mysql: and is currently maintained by Guillaume Morin
+nss-mysql:
+nss-mysql:
+nss-mysql:
+nss-mysql: