-rw-r--r-- | system/nss-mysql/README | 15 | ||||
-rw-r--r-- | system/nss-mysql/README.SLACKWARE | 30 | ||||
-rw-r--r-- | system/nss-mysql/config/nsswitch-mysql.conf | 39 | ||||
-rw-r--r-- | system/nss-mysql/doinst.sh | 19 | ||||
-rw-r--r-- | system/nss-mysql/nss-mysql.SlackBuild | 84 | ||||
-rw-r--r-- | system/nss-mysql/nss-mysql.info | 10 | ||||
-rw-r--r-- | system/nss-mysql/patches/nss-mysql-1.0-config.patch | 137 | ||||
-rw-r--r-- | system/nss-mysql/slack-desc | 19 |
8 files changed, 353 insertions, 0 deletions
diff --git a/system/nss-mysql/README b/system/nss-mysql/README
new file mode 100644
index 0000000000..03851e4a89
--- /dev/null
+++ b/system/nss-mysql/README
@@ -0,0 +1,15 @@
+The NSS-MySQL name service switch library
+
+libnss_mysql retrieves user account information from a MySQL database server.
+Per default stored in /etc/{group,passwd,shadow} on Unix-like systems. Which
+(partly) is similar in functionality to NIS, LDAP, RADIUS, Hesoid, winbindd
+
+When used over a remote-network uttermost care should be taken in the security
+of this (such as TLS/SSL encrypting the connection) and even then storing any
+valid password for such 'virtual' users is probably a bad idea in itself.
+
+Kerberos provides for a far superior single-sign-on authentication system
+(the 'shadow' part in these setups) in both performance and security.
+
+Besides, this may break stuff so bad you'd need console access to fix it...
+For some basic installation instructions though see README.SLACKWARE
diff --git a/system/nss-mysql/README.SLACKWARE b/system/nss-mysql/README.SLACKWARE
new file mode 100644
index 0000000000..b3155043e9
--- /dev/null
+++ b/system/nss-mysql/README.SLACKWARE
@@ -0,0 +1,30 @@
+On to the good stuff :-)
+
+To get this working (locally) login to the database server, presuming that
+it is running; otherwise read /etc/rc.d/rc.mysqld first; to make the DB:
+
+# mysql -uroot -p
+> CREATE DATABASE nss_mysql;
+
+After this is done it has to be populated with the user tables; there is
+an example for them provided in /usr/doc/nss-mysql-1.0/sample.sql
+
+You can copy that to say /tmp, (probably) edit it some, and insert it with:
+
+# mysql -uroot -p -D nss_mysql < /tmp/sample.sql
+
+After this is done create the 'nss' and 'nss-shadow' database users with
+statements such as the ones found in /usr/doc/nss-mysql-1.0/SHADOW
+And make sure the passwords for them in /etc/nss-{mysql,mysql-root}.conf
+match up...
+
+Now edit your /etc/nsswitch.conf to look like the -mysql version and try
+the following commands:
+
+getent passwd
+getent shadow
+
+Which should list the users pulled from mysql!
+(Otherwise have a look at 'tail /var/log/syslog' for hints on how to fix it).
+
+-Menno.
diff --git a/system/nss-mysql/config/nsswitch-mysql.conf b/system/nss-mysql/config/nsswitch-mysql.conf
new file mode 100644
index 0000000000..d081f675bf
--- /dev/null
+++ b/system/nss-mysql/config/nsswitch-mysql.conf
@@ -0,0 +1,39 @@
+#
+# /etc/nsswitch.conf
+#
+# An example Name Service Switch config file. This file should be
+# sorted with the most-used services at the beginning.
+#
+# The entry '[NOTFOUND=return]' means that the search for an
+# entry should stop if the search in the previous entry turned
+# up nothing. Note that if the search failed due to some other reason
+# (like no NIS server responding) then the search continues with the
+# next entry.
+#
+# Legal entries are:
+#
+# nisplus or nis+ Use NIS+ (NIS version 3)
+# nis or yp Use NIS (NIS version 2), also called YP
+# dns Use DNS (Domain Name Service)
+# files Use the local files
+# [NOTFOUND=return] Stop searching if not found so far
+#
+
+passwd: files mysql
+shadow: files mysql
+group: files mysql
+
+hosts: files dns
+networks: files dns
+
+services: files
+protocols: files
+rpc: files
+ethers: files
+netmasks: files
+netgroup: files
+bootparams: files
+
+automount: files
+aliases: files
+
diff --git a/system/nss-mysql/doinst.sh b/system/nss-mysql/doinst.sh
new file mode 100644
index 0000000000..52667d67ec
--- /dev/null
+++ b/system/nss-mysql/doinst.sh
@@ -0,0 +1,19 @@
+config()
+{
+ NEW="$1"
+ OLD="`dirname $NEW`/`basename $NEW .new`"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+# Try not to mess over any costum settings
+config etc/nss-mysql-root.conf.new
+config etc/nss-mysql.conf.new
+config etc/nsswitch.conf-mysql.new
+
diff --git a/system/nss-mysql/nss-mysql.SlackBuild b/system/nss-mysql/nss-mysql.SlackBuild
new file mode 100644
index 0000000000..c2591b3c10
--- /dev/null
+++ b/system/nss-mysql/nss-mysql.SlackBuild
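Review bot: The `Legal entries are:` comment block in config/nsswitch-mysql.conf does not list the `mysql` source that the `passwd`, `shadow` and `group` lines use, so the one thing this sample changes is undocumented in the file itself. I would add `# mysql Use the MySQL database (libnss_mysql)` to that list, and above `passwd:` a line such as `# 'files' stays first so local accounts (root included) still resolve when the database is unreachable`. That ordering is what keeps the box recoverable; the README in this same commit warns that a broken setup may need console access to fix.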
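Review bot: Every expansion of `$NEW` and `$OLD` inside `config()` in doinst.sh is unquoted, including the ones inside the backticks, so a path containing whitespace or glob characters would be split before `mv`, `rm` or the `[ ! -r ... ]` test sees it. The three calls at the bottom pass fixed names, so nothing breaks today, but an install script that moves files into /etc should not depend on that: `OLD="$(dirname "$NEW")/$(basename "$NEW" .new)"`, `if [ ! -r "$OLD" ]; then`, `mv "$NEW" "$OLD"`. The `cat ... | md5sum` pair and `rm $NEW` want the same quoting.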
@@ -0,0 +1,84 @@
+#!/bin/sh
+
+# Slackware build script for NSS-MySQL
+
+# Written by Menno Duursma <druiloor@zonnet.nl>
+# Modified by the SlackBuilds.org project
+
+# This program is free software. It comes without any warranty.
+# Granted WTFPL, Version 2, as published by Sam Hocevar. See
+# http://sam.zoy.org/wtfpl/COPYING for more details.
+
+PRGNAM=nss-mysql
+VERSION=${VERSION:-1.0}
+ARCH=${ARCH:-i486}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+fi
+
+set -e # Exit on most errors
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+chmod -R u+w,go+r-w,a-s .
+
+# Apply patch to the documentation/examples
+cat $CWD/patches/nss-mysql-1.0-config.patch | patch -p1 --verbose
+
+# This thing installs in /lib as users might still have to be able and
+# login even in the event of /usr unavailability
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/ \
+ --libdir=/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --mandir=/usr/man \
+ --with-mysql=/usr \
+ --with-mysql-include=/usr/include/mysql \
+ --with-mysql-lib=/usr/lib${LIBDIRSUFFIX}/mysql \
+ --build=$ARCH-slackware-linux
+
+make
+make install-strip DESTDIR=$PKG
+
+# Move configfiles to .new and let doinst.sh hanle them gracefully
+( cd $PKG/etc
+ mv nss-mysql-root.conf nss-mysql-root.conf.new
+ mv nss-mysql.conf nss-mysql.conf.new
+)
+
+# Copy the sample glibc config into place also
+cat $CWD/config/nsswitch-mysql.conf > $PKG/etc/nsswitch.conf-mysql.new
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a [A-Z][A-Z]* ChangeLog *.sql $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/system/nss-mysql/nss-mysql.info b/system/nss-mysql/nss-mysql.info
new file mode 100644
index 0000000000..0f8a765967
--- /dev/null
+++ b/system/nss-mysql/nss-mysql.info
@@ -0,0 +1,10 @@
+PRGNAM="nss-mysql"
+VERSION="1.0"
+HOMEPAGE="http://freshmeat.net/projects/nss-mysql"
+DOWNLOAD="http://download.savannah.gnu.org/releases/nss-mysql/nss-mysql-1.0.tar.gz"
+MD5SUM="a1bacf9bcdd8c5172b8074e268af1436"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+MAINTAINER="Menno Duursma"
+EMAIL="druiloor@zonnet.nl"
+APPROVED="rworkman"
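Review bot: The subshell in nss-mysql.SlackBuild that renames `nss-mysql-root.conf` to `nss-mysql-root.conf.new` never sets that file's mode or owner, yet per README.SLACKWARE it holds the `nss-shadow` database password that gates access to the stored password hashes. Whether `make install-strip` installs it root-only is not visible in this hunk, and the earlier `chmod -R u+w,go+r-w,a-s .` leaves the source copy readable by group and other, so I would pin it explicitly inside the subshell with `chmod 0600 nss-mysql-root.conf.new` (and `chmod 0644 nss-mysql.conf.new`, which presumably must stay readable for unprivileged lookups; confirm against upstream). doinst.sh installs the file with `mv`, so whatever mode the package ships is the mode that lands in /etc. Separately, an `ARCH` outside the three handled values leaves `SLKCFLAGS` and `LIBDIRSUFFIX` unset without any message.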
diff --git a/system/nss-mysql/patches/nss-mysql-1.0-config.patch b/system/nss-mysql/patches/nss-mysql-1.0-config.patch
new file mode 100644
index 0000000000..14c550a382
--- /dev/null
+++ b/system/nss-mysql/patches/nss-mysql-1.0-config.patch
@@ -0,0 +1,137 @@
+diff -ur nss-mysql-1.0.std/SHADOW nss-mysql-1.0/SHADOW
+--- nss-mysql-1.0.std/SHADOW 2005-01-26 04:42:13.000000000 +0100
++++ nss-mysql-1.0/SHADOW 2007-05-18 16:04:32.000000000 +0200
+@@ -45,7 +45,7 @@
+ ## shadow extentions in your database, you must add these columns to the
+ ## following SQL request.
+
+-> GRANT select(user_name,password,user_id,status,name) on nss_mysql.user to
++> GRANT select(user_name,password,user_id,status) on nss_mysql.user to
+ 'nss-shadow'@localhost identified by 'another_password';
+
+ > FLUSH PRIVILEGES;
+diff -ur nss-mysql-1.0.std/nss-mysql-root.conf nss-mysql-1.0/nss-mysql-root.conf
+--- nss-mysql-1.0.std/nss-mysql-root.conf 2002-08-28 18:47:53.000000000 +0200
++++ nss-mysql-1.0/nss-mysql-root.conf 2007-05-18 16:07:32.000000000 +0200
+@@ -46,7 +46,8 @@
+ # 2) inet:host (port will be 3306)
+ # 3) host:port (inet socket will be used)
+ # 4) host (inet socket on port 3306 will be used)
+-shadow.host = inet:localhost:3306;
++#shadow.host = inet:localhost:3306;
++shadow.host = unix:/var/run/mysql/mysql.sock;
+
+ # database: database name
+ # This database MUST contain all the columns mentionned in this file
+@@ -63,7 +64,7 @@
+ # backup host
+ # A backup MySQL server
+ # Can be empty
+-shadow.backup_host = inet:backup:3306;
++#shadow.backup_host = inet:backup:3306;
+
+ # The following parameters are just like
+ # the main server. They can be empty.
+@@ -71,7 +72,7 @@
+ # the corresponding value for the main
+ # server will be use
+
+-shadow.backup_database = nss_mysql_backup;
++#shadow.backup_database = nss_mysql_backup;
+ # shadow.backup_db_user = nss;
+ # shadow.backup_db_password = mAip2sFxXJcw;
+
+@@ -103,39 +104,45 @@
+ # if you do not have such a column, you can use something like
+ # shadow.lastchange_column = UNIX_TIMESTAMP()-10;
+ # The field name must be fully qualified, i.e.
written as table.field
+-shadow.lastchange_column = user.lastchange;
++#shadow.lastchange_column = user.lastchange;
++shadow.lastchange_column = UNIX_TIMESTAMP()-10;
+
+ # min_column
+ # Minimum number of days to warn user to change the password
+ # if you do not have such a column, you can use something like
+ # shadow.min_column = 1;
+ # The field name must be fully qualified, i.e. written as table.field
+-shadow.min_column = user.min;
++#shadow.min_column = user.min;
++shadow.min_column = 1;
+
+ # max_column
+ # Maximum number of days to warn user to change the password
+ # if you do not have such a column, you can use something like
+ # shadow.max_column = 2;
+ # The field name must be fully qualified, i.e. written as table.field
+-shadow.max_column = user.max;
++#shadow.max_column = user.max;
++shadow.max_column = 2;
+
+ # warn_column
+ # Number of days to warn user to change the password
+ # if you do not have such a column, you can use something like
+ # shadow.warn_column = 7;
+ # The field name must be fully qualified, i.e. written as table.field
+-shadow.warn_column = user.warn;
++#shadow.warn_column = user.warn;
++shadow.warn_column = 7;
+
+ # inact_column
+ # Number of days the account may be inactive
+ # if you do not have such a column, you can use something like
+ # shadow.inact_column = -1; # disabled
+ # The field name must be fully qualified, i.e. written as table.field
+-shadow.inact_column = user.inact;
++#shadow.inact_column = user.inact;
++shadow.inact_column = -1;
+
+ # expire_column
+ # Number of days since 1970-01-01 until account expired
+ # if you do not have such a column, you can use something like
+ # shadow.expire_column = -1; # disabled
+ # The field name must be fully qualified, i.e.
written as table.field
+-shadow.expire_column = user.expire;
++#shadow.expire_column = user.expire;
++shadow.expire_column = -1;
+diff -ur nss-mysql-1.0.std/nss-mysql.conf nss-mysql-1.0/nss-mysql.conf
+--- nss-mysql-1.0.std/nss-mysql.conf 2002-08-28 18:47:53.000000000 +0200
++++ nss-mysql-1.0/nss-mysql.conf 2007-05-18 16:08:12.000000000 +0200
+@@ -46,7 +46,8 @@
+ # 2) inet:host (port will be 3306)
+ # 3) host:port (inet socket will be used)
+ # 4) host (inet socket on port 3306 will be used)
+-users.host = inet:localhost:3306;
++#users.host = inet:localhost:3306;
++users.host = unix:/var/run/mysql/mysql.sock;
+
+ # database: database name
+ # This database MUST contain all the columns mentionned in this file
+@@ -63,7 +64,7 @@
+ # backup host
+ # A backup MySQL server
+ # Can be empty
+-users.backup_host = inet:backup:3306;
++#users.backup_host = inet:backup:3306;
+
+ # The following parameters work just like
+ # the main server's. They can be empty.
+@@ -71,7 +72,7 @@
+ # the corresponding value for the main
+ # server will be used
+
+-users.backup_database = nss_mysql_backup;
++#users.backup_database = nss_mysql_backup;
+ # users.backup_db_user = nss;
+ # users.backup_db_password = mAip2sFxXJcw;
+
+diff -ur nss-mysql-1.0.std/sample.sql nss-mysql-1.0/sample.sql
+--- nss-mysql-1.0.std/sample.sql 2005-01-26 04:39:06.000000000 +0100
++++ nss-mysql-1.0/sample.sql 2007-05-18 16:04:11.000000000 +0200
+@@ -1,6 +1,6 @@
+ # MySQL dump 8.9
+ #
+-# Host: localhost Database: nss-mysql
++# Host: localhost Database: nss_mysql
+ #
+
+ #
diff --git a/system/nss-mysql/slack-desc b/system/nss-mysql/slack-desc
new file mode 100644
index 0000000000..d98cf09eaa
--- /dev/null
+++ b/system/nss-mysql/slack-desc
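Review bot: The nss-mysql-root.conf section of patches/nss-mysql-1.0-config.patch replaces every per-user aging column with a constant (`shadow.inact_column = -1;`, `shadow.expire_column = -1;`, `shadow.max_column = 2;` and the rest), which, going by the surrounding upstream comments, switches off inactivity and expiry handling for all MySQL-backed accounts at once. Nothing in the patched file marks this as a packaging choice, so I would add a comment above the first replacement, e.g. `# Packaging default: constants instead of user.* columns; restore the user.* names to enforce per-account aging/expiry`. The upstream sample value `mAip2sFxXJcw` also remains in both shipped configs as a commented `backup_db_password`; the active `db_password` lines fall outside these hunks, so it is worth confirming that the "make sure the passwords match up" step in README.SLACKWARE actually moves admins off the upstream sample password.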
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+nss-mysql: nss-mysql (MySQL Name Service Switch Module)
+nss-mysql:
+nss-mysql: NSS-MySQL is a NSS library for MySQL.
+nss-mysql: Featuring full groups, passwd and shadow support.
+nss-mysql:
+nss-mysql: The nss-mysql project was started by Steve Brown
+nss-mysql: and is currently maintained by Guillaume Morin
+nss-mysql:
+nss-mysql:
+nss-mysql:
+nss-mysql: |