FusionForge

Difference between revisions of "Configuration/NSS"

From FusionForge Wiki
Line 39: Line 39:
 
$ ldconfig
 
$ ldconfig
 
</pre>
 
</pre>
 +
 +
== Configuration ==
 +
 +
Now we need to configure both NSS and libnss_pgsql so that the former will utilize the latter, and the latter will be able to access the database and knows how to query your table structure.
 +
 +
=== NSS Config ===
 +
 +
For NSS to be able to utilize our new module, we need to add the module's name to its configuration. Convention tells us that it will look for a module (on the loader-deamon's path) by the name of libnss_[LIBNAME]. Therefor we will add '''pgsql''' as a module to use for passwd and group resolving. This is done in /etc/nsswitch.conf, at the '''passwd''' and '''group''' lines:
 +
<pre>
 +
passwd: files pgsql
 +
group: files pgsql
 +
</pre>
 +
 +
=== libnss_pgsql Config ===
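Review bot: The "=== libnss_pgsql Config ===" heading added at the end of this hunk has no body, so the "Configuration" intro promises database access and query settings that the revision never gives; add that section's content in the same edit or leave the heading out until it exists. In the NSS Config paragraph, "loader-deamon's" should read "loader-daemon's" and "Therefor" should read "Therefore", and a sentence on why "files" stays ahead of "pgsql" on both nsswitch.conf lines would help readers who reorder them.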

Revision as of 13:27, 11 January 2010

FusionForge provides native security services by coupling your PostgreSQL database with the Name Service Switch (NSS). To use this functionality you need to compile, install and configure an NSS module that will handle communication with your database.

This module is called libnss_pgsql, and is available from [1]. At the time of writing, the latest version is 1.4.0, which is used in this document and available for download here. Note that different versions might have different compilation and configuration requirements.

In this document we assume you are logged in as root on your server. We have successfully installed the module on CentOS 5.0, but on different UNIX-based systems the process should work in a similar way.

Preparation

First we need to download and unpack the library, and set up our installation directory. Note that we use the /opt directory.

$ cd /opt
$ wget http://pgfoundry.org/frs/download.php/605/libnss-pgsql-1.4.0.tgz
$ tar -xvvf libnss-pgsql-1.4.0.tgz
$ mkdir libnss_pgsql

Compilation and Installation

We start by compiling the library, using our installation directory as prefix and explicitly naming the directory where the configuration file will be stored. The latter needs to be done explicitly, since the library's defaults are not intuitive - at least in our case they weren't.

$ cd /opt/libnss-pgsql-1.4.0
$ ./configure --prefix=/opt/libnss_pgsql --sysconfdir=/etc
$ make
$ make install
$ make distclean

Since we have installed the library in /opt/libnss_pgsql, we'll have to adjust the global library path to make sure the system can find our module. This is generally done in the loader-daemon's configuration, found at /etc/ld.so.conf.

Include the following on the first line of this file:

/opt/libnss_pgsql/lib

After this we need to rebuild the loader-daemon's cache file by running:

$ ldconfig

Configuration

Now we need to configure both NSS and libnss_pgsql, so that the former will use the latter, and the latter can access the database and knows how to query your table structure.

NSS Config

For NSS to be able to use our new module, we need to add the module's name to its configuration. By convention, NSS looks for a module (on the loader-daemon's path) by the name of libnss_[LIBNAME]. Therefore we add pgsql as a module to use for passwd and group resolution. This is done in /etc/nsswitch.conf, at the passwd and group lines:

passwd: files pgsql
group: files pgsql
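
A check for the two edits above, added here as an example and not part of the FusionForge wiki or of libnss_pgsql: it parses an nsswitch.conf and confirms that passwd and group both list pgsql with files ahead of it, so local accounts such as root still resolve when the database is unreachable. The function names, the ordering policy and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the passwd/group lines of an nsswitch.conf.

# Print the source list for one NSS database (e.g. "passwd"), with comments
# and [STATUS=action] items such as [NOTFOUND=return] removed.
nss_sources() {
    db=$1; file=$2
    sed -e 's/#.*//' -e 's/\[[^]]*]/ /g' "$file" |
    awk -v db="$db" '
        $0 ~ ("^[ \t]*" db "[ \t]*:") {
            sub(/^[^:]*:/, "")   # keep only the text after "db:"
            $1 = $1              # collapse runs of whitespace
            print
            exit
        }'
}

# Succeed only if pgsql is listed and files comes before it (example policy).
check_db() {
    db=$1; file=$2; seen_files=no
    for src in $(nss_sources "$db" "$file"); do
        case $src in
            files) seen_files=yes ;;
            pgsql) [ "$seen_files" = yes ] && return 0
                   echo "$db: pgsql is listed before files" >&2
                   return 1 ;;
        esac
    done
    echo "$db: pgsql is not listed" >&2
    return 1
}

# Check both databases this page edits; default to the live file.
check_nsswitch() {
    file=${1:-/etc/nsswitch.conf}; rc=0
    check_db passwd "$file" || rc=1
    check_db group  "$file" || rc=1
    return $rc
}

# Constructed sample input: the two lines from this page plus typical neighbours.
sample_conf() {
    printf '%s\n' '# /etc/nsswitch.conf (constructed sample)' \
        'passwd:  files pgsql   # local accounts first' \
        'shadow:  files' \
        'group:   files [NOTFOUND=continue] pgsql' \
        'hosts:   files dns'
}
```

Call check_nsswitch with no argument to test the live /etc/nsswitch.conf. Once the libnss_pgsql configuration is also in place, `ldconfig -p` should show the module in the loader cache and `getent passwd` should include the database users.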

libnss_pgsql Config