donapieppo / libnss-ato
The libnss_ato module is a set of C library extensions which allows mapping every NSS request for an unknown user to a single predefined user.
License: Other
Greetings once again,
I wrote my own module (and actually ripped a function or two from yours),
and I am having some issues assigning the group id.
On Debian, the users group is 100, however, the MIN_GID_NUMBER is set to 1000 (See: http://www.linfo.org/uid.html).
Source:
Hi,
I am trying to configure a setting where the first authentication method is Radius, if it fails, then use the local passwd file to authenticate. I have my nsswitch.conf file configured as follows and I also have a valid RADIUS server configured:
passwd: ato files
group: files
shadow: ato files
gshadow: files
With this setting, I am not able to authenticate the local users that are in the /etc/passwd file.
However, if the settings are reversed as 'files ato', I am able to authenticate both local and radius users. Do you know if this is a known bug or am I missing a configuration somewhere?
Thank you!
I am trying to compile the library in Alpine and it seems that fgetpwent is not available in musl. Since my use case does not require an actual user I will probably solve it with hardcoding, but would there be any interest in making the config file not dependent on GNU code? Are there any downsides of manually parsing the config file?
Is it possible to limit libnss ato functionality to skip names like "test_name.test_group"? This creates an issue where a command like "chown test_user.test_group a" treats "test_user.test_group" as a username, where chown would want "test_user" as the username and "test_group" as the user group.
The same issue occurs with "test_user:test_group"
Hi All,
It looks like this project is not maintained anymore (Last commit was 4 years ago).
I'm looking for an equivalent or better alternative for libnss-ato which is actively maintained. Any suggestions?
Thanks.
I am using this library with pam_tacacs. I can log in with tacacs user as a configured user in conf. But I can't switch to root. How to specify more groups? Because when I run id test_user I am getting
id=1000(test_user) gid=1000(test_user) groups=1000(test_user),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),111(lpadmin),112(sambashare)
and when I am logged in with tacacs user test_user and I run id I'm getting only
uid=1000(test_user) gid=1000(test_user) groups=1000(test_user)
in passwd it's like:
test_user:x:1000:1000:Test User,,,:/home/jrebjak:/bin/bash
and in libnss-ato.conf I have
test_user:x:1000:1000,27:Test User,,,:/home/jrebjak:/bin/bash
I'm not able to use the plugin with the root user but it works with another user.
Here is the config I'm using:
root:x:0:0:Root:/root:/bin/bash
Here are the logs I see (/var/log/secure):
sshd[2235]: Accepted password for myuser from 172.20.0.1 port 46328 ssh2
sshd[2235]: pam_systemd(sshd:session): Failed to create session: No such file or directory
sshd[2235]: pam_unix(sshd:session): session opened for user myuser by (uid=0)
sshd[2235]: fatal: login_get_lastlog: Cannot find account for uid 500
sshd[2235]: pam_unix(sshd:session): session closed for user myuser
sshd[2235]: syslogin_perform_logout: logout() returned an error
sshd[2238]: fatal: mm_request_send: write: Broken pipe
I confirm that it works with a non-root user.
Am I missing something?
The license file (./copyright) is very clear that the project is protected by the general GPL.
However, in a C file I notice a comment that seems to indicate the LGPL.
Lines 9-10
* this product may be distributed under the terms of
* the GNU Lesser Public License
Can we get clarity on which is the correct license and perhaps a correction to one or the other file so that only one license is referenced in the project?
cat /etc/libnss-ato.conf
ubuntu:x:1000:1000::/home/ubuntu:/bin/bash
getent passwd jnchi
jnchi:x:1000:1000::/home/ubuntu:/bin/bash
passwd jnchi
passwd: Authentication token manipulation error
passwd: password unchanged
I am working on a PAM module to authenticate against Azure Active Directory (See: CyberNinjas/pam_aad).
See also: CyberNinjas/pam_aad#21 (comment)
With libnss-ato in action, new (local) users cannot be created on the system. I believe this is a known limitation with this library. Can it be selectively used for remote users only (in case of TACACS+/RADIUS/LDAP auth)?
Tried the below test after installing from source on CentOS 7 Vanilla
If you add libnss-ato to the chain of nss modules (in /etc/nsswitch.conf) you get something like:
]$ id randomname ]$ uid=1000(user_test) gid=1000 groups=1000
for every query of a random username not present in /etc/passwd.
Got the below output
# id randomuser
id: randomuser: no such user
#
Is there anything else to be done on CentOS 7 specifically? I got this working on CentOS 6 without any issues.
Please let me know for any additional information.
Thanks.