On Tue, Dec 20, 2022 at 07:14:42PM -0600, Sundar Vadivelu wrote:
> Hi all,
> I am working on a system which does TACACS+ authentication of users with
> pam_tacplus and nss_tacplus libraries
> nss_tacplus:
> https://github.com/benschumacher/nss_tacplus
> pam_tacplus:
> https://github.com/kravietz/pam_tacplus
> This solution relied on NSCD to be running, since the nss_tacplus only
> implemented getpwnam_r . For getpwuid_r etc it relied on the cached entries
> in nscd. It was working fine until Fedora removed NSCD from glibc in FC36 (
> https://fedoraproject.org/wiki/Changes/RemoveNSCD)
> The above write up indicates that SSSD could be used to cover all caching
> requirements that were previously provided by NSCD. However I am unable to
> configure SSSD for my use case.
> When I tried to link the id_provider as proxy and the proxy_lib_name as
> tacplus, sssd fails to come up. It fails with this error:
> (2022-12-19 23:32:35): [be[shadowutils]] [sss_load_nss_symbols] (0x0010):
> Library 'libnss_tacplus.so.2' did not provide mandatory symbol
> 'getpwuid_r', error: /lib64/libnss_tacplus.so.2: undefined symbol:
> _nss_tacplus_getpwuid_r.

Hi,
it would, of course, be possible to make getpwuid_r not mandatory in
proxy_load_nss_symbols(). But I wonder if you know the reason why this
is not implemented in libnss_tacplus.so.2? I'm asking because to work
properly this requires that the user must be looked up by name first. If
e.g. you call 'ls -al /home' you would only see the UIDs of those users
resolved which were looked up by name before and for all other home
directories only the UID is displayed which at least seems unexpected if
not a bad user experience.
bye,
Sumit

> Is there any way to use sssd with the above mentioned nss_tacplus library?
> By this I mean can sssd be configured to do getpwnam only using the
> nss_tacplus, at which time it could cache the passwd details of the user,
> and use the cache for the other APIs like getpwuid etc?
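
A pre-flight check for the situation discussed in this thread, as an added example that is not part of the original messages or of the SSSD or nss_tacplus projects: it parses `nm -D --defined-only` output for an NSS module and reports which `_nss_<module>_*` passwd entry points the module exports. The function list beyond getpwnam_r and getpwuid_r, the sample nm output and the helper names are assumptions made for the example.

```python
# Standard glibc NSS entry points for the passwd database. The thread only
# confirms that SSSD's proxy provider treats getpwuid_r as mandatory; the
# rest of this list is an assumption made for the example.
PASSWD_FUNCS = ("getpwnam_r", "getpwuid_r", "setpwent", "getpwent_r", "endpwent")

# Constructed sample of `nm -D --defined-only libnss_tacplus.so.2` output
# (not captured from a real build): a module that exports only getpwnam_r.
SAMPLE_NM = """\
0000000000001a30 T _nss_tacplus_getpwnam_r
0000000000004010 B conffile
                 w __gmon_start__
"""


def exported_functions(nm_output, module):
    """Return the NSS function names that `module` defines as code symbols."""
    prefix = f"_nss_{module}_"
    found = set()
    for line in nm_output.splitlines():
        fields = line.split()
        # Defined symbols have three fields: address, type, name.
        if len(fields) != 3:
            continue
        _addr, sym_type, name = fields
        # T = global text, W = weak definition; data symbols are skipped.
        if sym_type in ("T", "W") and name.startswith(prefix):
            found.add(name[len(prefix):])
    return found


def audit(nm_output, module, wanted=PASSWD_FUNCS):
    """Map each wanted function to True if the module exports it."""
    have = exported_functions(nm_output, module)
    return {func: func in have for func in wanted}


def missing(nm_output, module, wanted=PASSWD_FUNCS):
    """List the wanted functions the module does not export, in order."""
    return [func for func, ok in audit(nm_output, module, wanted).items() if not ok]


if __name__ == "__main__":
    for func, ok in audit(SAMPLE_NM, "tacplus").items():
        print(f"_nss_tacplus_{func}: {'present' if ok else 'MISSING'}")
```

On a real system, pass the text produced by `nm -D --defined-only /lib64/libnss_tacplus.so.2` instead of `SAMPLE_NM`.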
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org