From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.43) id 1EDesD-0001y5-PN for garchives@archives.gentoo.org; Fri, 09 Sep 2005 09:08:42 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j8992N7n009844; Fri, 9 Sep 2005 09:02:23 GMT Received: from smtp2.TU-Cottbus.De (smtp2.tu-cottbus.de [141.43.99.248]) by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j8992NLS019853 for ; Fri, 9 Sep 2005 09:02:23 GMT Received: from localhost (loopback [127.0.0.1]) by smtp2.TU-Cottbus.De (Postfix) with ESMTP id 1AB9F508291 for ; Fri, 9 Sep 2005 11:06:13 +0200 (MEST) Received: from [192.168.0.50] (p54BA391C.dip.t-dialin.net [84.186.57.28]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "Paul Koelle", Issuer "BTU-CA (2004-2008)" (verified OK)) by smtp2.TU-Cottbus.De (Postfix) with ESMTP id 319E850828E for ; Fri, 9 Sep 2005 11:06:11 +0200 (MEST) Message-ID: <432151F7.8020204@gmail.com> Date: Fri, 09 Sep 2005 11:12:23 +0200 From: =?ISO-8859-1?Q?Paul_K=F6lle?= User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-server@gentoo.org Reply-to: gentoo-server@lists.gentoo.org MIME-Version: 1.0 To: gentoo-server@lists.gentoo.org Subject: Re: [gentoo-server] Virtual ssh users References: <43211564.7030109@catprosystems.com> In-Reply-To: <43211564.7030109@catprosystems.com> X-Enigmail-Version: 0.91.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS (at smtp2.TU-Cottbus.De) X-Archives-Salt: 3cb1848d-e5b4-42f4-a46a-ddf308a68ad4 X-Archives-Hash: 7d82af7223320142a8804ce8b4b84696 Yogesh Sharma wrote: > On 07:43 A. Khattri wrote: > >>Incidently, you can use libnss-mysql to avoid having to create an >>actual >>system account if you need "true" virtual users. > > > > Any link to documentation or example for implementing libnss-mysql based > virtual users ? > Database schema, user name, config file etc. > It's pretty straightforward. libnss-mysql configuration file takes a SQL query for each get*() call, so there are no constraints for the db schema. Examples are in /usr/share/doc after installing the package. What I haven't figured out yet: Calls to NSS are made in the context of the user running e.g. "id", so if you use a socket connection to mysql you need to allow *every* user to read from the socket. I haven't investigated the implications in terms of security yet. cheers Paul -- gentoo-server@gentoo.org mailing list