nss_db

Mark R Bannister mark at proseconsulting.co.uk
Wed Dec 14 13:16:51 UTC 2011


I note from this posting:

http://lists.fedoraproject.org/pipermail/devel/2011-July/153665.html

And this one:

http://sourceware.org/git/?p=glibc.git;a=commit;h=2666d441c2d8107b1987b869714189af64b954c6

that the nss_db package has been deprecated, and that the new nss_db support in
glibc no longer uses Berkeley DB format.

This is a pity. I have a genuine requirement for Berkeley DB support.
Specifically, I need both Linux and Solaris clients using the same database file
presented over NFS. This is used for overriding UIDs, home directories and GIDs
on a per-NIS-domain basis where multiple NIS domains have been imported into a
single Active Directory domain. We use the 'db' source in /etc/nsswitch.conf
ahead of 'ldap' so that users with clashing IDs can be successfully renumbered
when they log into different NIS domains.

Berkeley databases are architecture-independent, so all Linux and Solaris clients
can use the same db files. Moreover, I have forked the original version 2.2
nss_db with all the latest patches I could find and ported it to Solaris at the URL
below. This version compiles OK on both Solaris 10 and RHEL 5.5 (no reason why
it shouldn't continue to compile on all versions of Linux that it previously did):

http://sf.net/projects/nssdb

Full details about this port can be found in this posting:

http://sourceware.org/ml/libc-help/2011-12/msg00001.html

By moving away from a Berkeley DB format, we're left in a position where Fedora
(and in the future RHEL) will not be compatible out-of-the-box with our NSS
database files. This will force us to use the nss_db fork above on RHEL7 in the
future, to maintain compatibility. This would be a shame, unless Red Hat
supported the above module.

Perhaps there is a better solution here? Can the nss_db fork above be included
as an option in Fedora? Perhaps you can simply rename the module to something
other than libnss_db so that it doesn't clash with the new glibc module.
Personally, though, I wish that glibc had renamed their version so that libnss_db
continues to be compatible with Berkeley DB. I'm not sure why it was considered
OK to break backwards compatibility and force users of nss_db to recreate their
databases in a format that was no longer cross-platform.

Opinions? Ideas?

Best regards,
Mark.



