Skip to content

osallou/nss-external

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.gitignore
.gitignore
 
 
Gopkg.lock
Gopkg.lock
 
 
Gopkg.toml
Gopkg.toml
 
 
README.md
README.md
 
 
nss-external.go
nss-external.go
 
 

Repository files navigation

Gonss

About

Linux nss module to create some users when requesting info about them (on ssh, id, etc.).

If user matches suffix, then user is created with no password (not empty but password not allowed) and assign them to specified group. A home directory is also created.

Reads its configuration from nss_external.conf

As no password is set, login as user must be allowed/forbidden by PAM modules/config (ssh key, custom auth, ...)

This library has been created to learn about nss/pam while doing some tests with OpenSSH. Indeed, even with custom PAM modules, OpenSSH requires to get an existing user (with nss stuff) before calling PAM modules to check for auth, set session etc... So it means that users cannot be created dynamically on SSH session setup.

Build

CGO_CFLAGS="-g -O2 -D __LIB_NSS_NAME=external" go build --buildmode=c-shared -o libnss_external.so.2 nss-external.go

Config

Setup in /etc/nss_external.conf

users: []
nss:
prefix:
    - "@elixir-europe.org"
groupid: 1000
minuid: 10000
bash: "/bin/bash"
home: "/home/external/%s"

Update /etc/nsswitch.conf

passwd:         compat external
group:          compat
shadow:         compat external

License

Apache 2.0

About

custom nss library to create dynamically users

Resources

Readme
Activity

Stars

9 stars

Watchers

4 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages