mirror of
https://sourceware.org/git/glibc.git
synced 2024-12-19 01:11:05 +00:00
2604afb1b2
1997-09-21 03:19  Ulrich Drepper  <drepper@cygnus.com>

	* libio/libio.h: More libstdc++ cleanups.  Define _IO_USE_DTOA if
	_G_HAVE_PRINTF_FP is not defined.
	* libio/strops.c: Undo patch of 1997-07-08 02:18.  Must find a
	different solution for the problem.
	* misc/search.h [__USE_GNU]: Define comparison_fn_t.
	* stdlib/stdlib.h: Define comparison_fn_t only if __COMPAR_FN_T is
	not defined.  Fix typo.  Pretty print inline functions.
	* sysdeps/i386/i486/string.h (__stpcpy_small): Increment __cp not cp.
	Patch by HJ Lu <hjl@gnu.ai.mit.edu>.

1997-09-20 16:45  Ulrich Drepper  <drepper@cygnus.com>

	* hesiod/hesiod.c (hesiod_init): Use __secure_getenv to get
	HES_DOMAIN environment variable.
	Suggested by Mark Kettenis <kettenis@phys.uva.nl>.
	* hesiod/README.hesiod: A bit of information about Hesiod and how
	to use it.  Written by Mark Kettenis <kettenis@phys.uva.nl>.

1997-09-20 05:15  Ulrich Drepper  <drepper@cygnus.com>

	* manual/maint.texi: Update requirement list.
	* io/ftw.h: Don't use parameter names from global namespace in
	prototypes.
	* stdlib/strtol.c: If used outside glibc handle broken systems
	which have character classification functions which are not
	8-bit clean gracefully.
	Patch by Bruno Haible <haible@ilog.fr>.

1997-09-19 21:42  David S. Miller  <davem@tanya.rutgers.edu>

	* sysdeps/unix/sysv/linux/sparc/sparc64/bits/types.h: ssize_t is a
	long long int.

1997-09-19 15:12  H.J. Lu  <hjl@gnu.ai.mit.edu>

	* posix/Makefile (test-srcs): New, set to globtest.

1997-09-20 00:24  Ulrich Drepper  <drepper@cygnus.com>

	* manual/filesys.texi: Document ftw, nftw and needed data types.

1997-09-19 12:53  H.J. Lu  <hjl@gnu.ai.mit.edu>

	* sysdeps/i386/i486/bits/string.h: Fix typo.

1997-09-19 14:11  Ulrich Drepper  <drepper@cygnus.com>

	* io/ftwtest.c (cb): Print level.
	* io/ftwtest-sh: Updated for ftwtest.c change.
	* string/argz.h (__argz_next): Cast NULL to char * to satisfy C++
	compilers.
	Reported by Mirko Streckenbach <mirko@ramz.ing.tu-bs.de>.
	* catgets/catgets.c (catopen): Correctly allocate string of nlspath.
	Reported by Charles C. Fu <ccwf@klab.caltech.edu>.

1997-09-18 13:30  Klaus Espenlaub  <kespenla@student.informatik.uni-ulm.de>

	* sysdeps/i386/init-first.c: Call __getopt_clean_environment with
	additional argument.
	* sysdeps/mach/hurd/i386/init-first.c: Likewise.
	* sysdeps/mach/hurd/mips/init-first.c: Likewise.
	* sysdeps/stub/init-first.c: Likewise.

1997-09-18 03:16  Ulrich Drepper  <drepper@cygnus.com>

	* manual/search.texi: Document lsearch, lfind, the hsearch and
	tsearch functions.

1997-09-18 00:04  Ulrich Drepper  <drepper@cygnus.com>

	* misc/hsearch_r.c (hsearch_r): Only return error for ENTER action
	if the table is full and we *really* have to enter a new entry.

1997-09-17 19:44  Ulrich Drepper  <drepper@cygnus.com>

	* sysdeps/sparc/sparc32/dl-machine.h (elf_machine_rela): Get rid of
	hack for handling flush opcode.
	Patch by Richard Henderson <rth@cygnus.com>.
151 lines
5.3 KiB
Plaintext
The GNU C library contains an NSS module for the Hesiod name service.
Hesiod is a general name service for a variety of applications and is
based on the Berkeley Internet Name Daemon (BIND).

Introduction
============

The Hesiod NSS module implements access to all relevant standard
Hesiod types, which means that Hesiod can be used for the `group',
`passwd' and `services' databases.  There is however a restriction.
In the same way that it is impossible to use `gethostent()' to iterate
over all the data provided by DNS, it is not possible to scan the
entire Hesiod database by means of `getgrent()', `getpwent()' and
`getservent()'.  Besides, Hesiod only provides support for looking up
services by name and not for looking them up by port.  In essence this
means that the Hesiod name service is only consulted as a result of
one of the following function calls:

  * getgrnam(), getgrgid()
  * getpwnam(), getpwuid()
  * getservbyname()

and their reentrant counterparts.

Configuring your systems
========================

Configuring your systems to make use of the Hesiod name service
requires one or more of the following steps, depending on whether you
are already running Hesiod in your network.

Configuring NSS
---------------

First you should modify the file `/etc/nsswitch.conf' to tell
NSS for which database you want to use the Hesiod name service.  If
you want to use Hesiod for all databases it can handle, your
configuration file could look like this:

  # /etc/nsswitch.conf
  #
  # Example configuration of GNU Name Service Switch functionality.
  #

  passwd:     db files hesiod
  group:      db files hesiod
  shadow:     db files

  hosts:      files dns
  networks:   files dns

  protocols:  db files
  services:   db files hesiod
  ethers:     db files
  rpc:        db files

For more information on NSS, please refer to the `The GNU C Library
Reference Manual'.

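The following script is an added example, not part of the glibc README or of the Hesiod NSS module. It parses an `nsswitch.conf' in the format shown above and reports which databases hand lookups to the `hesiod' source, flagging any database other than `passwd', `group' and `services' (the three the README says the module serves). The sample configuration is constructed: it is the README's example plus a deliberately wrong `hosts' line so that the check has something to report.

```python
"""Report which nsswitch.conf databases use the hesiod NSS source and
flag databases the module does not serve.

Added example, not part of the glibc README or of the hesiod module.
The sample configuration below is constructed for this example.
"""
import re

# Per the README, the Hesiod NSS module serves only these databases.
HESIOD_DATABASES = frozenset({"passwd", "group", "services"})

# Constructed sample: the README's configuration plus a `hosts' line
# that mistakenly names hesiod for a database the module cannot serve.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
#

passwd:     db files hesiod
group:      db files hesiod
shadow:     db files

hosts:      files dns hesiod
networks:   files dns

protocols:  db files
services:   db files hesiod
ethers:     db files
rpc:        db files
"""

# Status/action clauses such as "[NOTFOUND=return]" are not sources.
_ACTION_CLAUSE = re.compile(r"\[[^\]]*\]")


def parse_nsswitch(text):
    """Return {database: [source, ...]} for every configured database."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line or ":" not in line:
            continue
        db, _, rest = line.partition(":")
        rest = _ACTION_CLAUSE.sub(" ", rest)
        conf[db.strip()] = rest.split()
    return conf


def hesiod_databases(conf):
    """Databases whose lookup chain includes the hesiod source."""
    return sorted(db for db, sources in conf.items() if "hesiod" in sources)


def unsupported_hesiod_uses(conf):
    """Databases naming hesiod although the module does not serve them.

    The hesiod source contributes nothing for such a database, so the
    misconfiguration is easy to miss without an explicit check.
    """
    return sorted(db for db in hesiod_databases(conf)
                  if db not in HESIOD_DATABASES)


if __name__ == "__main__":
    conf = parse_nsswitch(SAMPLE_NSSWITCH)
    print("databases using hesiod:", ", ".join(hesiod_databases(conf)))
    for db in unsupported_hesiod_uses(conf):
        print(f"warning: `{db}' lists hesiod, but the module serves only "
              + ", ".join(sorted(HESIOD_DATABASES)))
```

Point the script at a real file by replacing `SAMPLE_NSSWITCH' with the contents of `/etc/nsswitch.conf'; the parser ignores comments and bracketed action clauses, so it accepts the syntax glibc documents for that file.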
Configuring Hesiod
------------------

Next, you will have to configure Hesiod.  If you are already running
Hesiod in your network, you probably already have a file named
`hesiod.conf' on your machines (probably as `/etc/hesiod.conf' or
`/usr/local/etc/hesiod.conf').  The Hesiod NSS module expects this
file to be found in the sysconfdir (`/usr/local/etc/hesiod.conf' by
default, see the installation notes on how to change this) or in the
location specified by the environment variable `HESIOD_CONFIG'.  If
there is no configuration file you will want to create your own.  It
should look something like:

  rhs=.your.domain
  lhs=.ns

The value of rhs can be overridden by the environment variable
HES_DOMAIN.

Configuring your name servers
-----------------------------

In addition, if you are not already running Hesiod in your network,
you need to create Hesiod information on your central name servers.
You need to run `named' from BIND 4.9 or higher on these servers, and
make them authoritative for the domain `ns.your.domain' with a line in
`/etc/named.boot' reading something like:

  primary ns.your.domain named.hesiod

or if you are using the new BIND 8.1 or higher add something to
`/etc/named.conf' like:

  zone "ns.your.domain" {
          type master;
          file "named.hesiod";
  };

Then in the BIND working directory (usually `/var/named') create the
file `named.hesiod' containing data that looks something like:

  ; SOA and NS records.
  @       IN  SOA  server1.your.domain admin-address.your.domain (
                   40000      ; serial - database version number
                   1800       ; refresh - sec servers
                   300        ; retry - for refresh
                   3600000    ; expire - unrefreshed data
                   7200 )     ; min
          NS  server1.your.domain
          NS  server2.your.domain

  ; Actual Hesiod data.
  libc.group   TXT    "libc:*:123:gnu,gnat"
  123.gid      CNAME  libc.group
  gnu.passwd   TXT    "gnu:*:4567:123:GNU:/home/gnu:/bin/bash"
  4567.uid     CNAME  gnu.passwd
  nss.service  TXT    "nss;tcp;789;switch sw "
  nss.service  TXT    "nss;udp;789;switch sw"

where `libc' is an example of a group, `gnu' an example of a user,
and `nss' an example of a service.  Note that the format used to
describe services differs from the format used in `/etc/services'.
For more information on `named' refer to the `Name Server Operations
Guide for BIND' that is included in the BIND distribution.

Security
========

Note that the information stored in the Hesiod database is in
principle publicly available.  Care should be taken with including
sensitive information like encrypted passwords in the Hesiod database.
There are some ways to improve security by using features provided by
`named' (see the discussion about `secure zones' in the BIND
documentation), but one should keep in mind that Hesiod was never
intended to distribute passwords.  In the original design,
authenticating users was the job of the Kerberos service.

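The script below is an added example, not part of the glibc README or of the Hesiod library; it serves both the zone-file section above and this security note. It composes the DNS name the library queries from `lhs', `rhs' and an optional `HES_DOMAIN' override, parses the three record kinds shown in the sample zone (the `:'-separated passwd and group formats and the `;'-separated service format that differs from `/etc/services'), and audits the passwd records for anything other than a locked placeholder in the password field, since everything in the zone is world-readable through DNS. The `hesiod.conf' values and the records are constructed; one extra passwd record carries a fake, obviously labelled hash so the audit has something to flag.

```python
"""Build Hesiod query names, parse the README's record formats, and
audit passwd records for published password hashes.

Added example, not part of the glibc README or of the Hesiod library.
The configuration values and records below are constructed.
"""
from collections import namedtuple

Passwd = namedtuple("Passwd", "name passwd uid gid gecos dir shell")
Group = namedtuple("Group", "name passwd gid members")
Service = namedtuple("Service", "name proto port aliases")

# Constructed hesiod.conf values, matching the README's example.
HESIOD_CONF = {"lhs": ".ns", "rhs": ".your.domain"}

# Constructed (owner, TXT) pairs: the README's sample data plus one
# passwd record that wrongly publishes a hash (NOTAREALHASH is a
# placeholder, not a real digest) instead of the `*' marker.
SAMPLE_RECORDS = [
    ("libc.group",  "libc:*:123:gnu,gnat"),
    ("gnu.passwd",  "gnu:*:4567:123:GNU:/home/gnu:/bin/bash"),
    ("leak.passwd", "leak:NOTAREALHASH:4568:123:Leaky:/home/leak:/bin/sh"),
    ("nss.service", "nss;tcp;789;switch sw "),
    ("nss.service", "nss;udp;789;switch sw"),
]


def _dotted(part):
    """Ensure a lhs/rhs component starts with a dot, as hesiod.conf uses."""
    return part if part.startswith(".") else "." + part


def query_name(name, hes_type, conf, hes_domain=None):
    """DNS name looked up for a (name, type) pair: <name>.<type><lhs><rhs>.

    hes_domain models the HES_DOMAIN environment variable, which replaces
    rhs.  (glibc reads it with __secure_getenv, so it is ignored in
    set-user-ID programs; that is not modelled here.)
    """
    rhs = conf["rhs"] if hes_domain is None else hes_domain
    return f"{name}.{hes_type}{_dotted(conf['lhs'])}{_dotted(rhs)}"


def parse_passwd(txt):
    """passwd TXT: name:passwd:uid:gid:gecos:dir:shell (7 fields)."""
    f = txt.split(":")
    if len(f) != 7:
        raise ValueError(f"passwd record needs 7 fields: {txt!r}")
    return Passwd(f[0], f[1], int(f[2]), int(f[3]), f[4], f[5], f[6])


def parse_group(txt):
    """group TXT: name:passwd:gid:member,member (4 fields)."""
    f = txt.split(":")
    if len(f) != 4:
        raise ValueError(f"group record needs 4 fields: {txt!r}")
    return Group(f[0], f[1], int(f[2]), [m for m in f[3].split(",") if m])


def parse_service(txt):
    """service TXT: name;proto;port;aliases, unlike /etc/services.

    Aliases are whitespace separated; trailing blanks (as in the
    README's tcp record) are tolerated.
    """
    f = txt.split(";")
    if len(f) < 3:
        raise ValueError(f"service record needs name;proto;port: {txt!r}")
    aliases = f[3].split() if len(f) > 3 else []
    return Service(f[0], f[1], int(f[2]), aliases)


PARSERS = {"passwd": parse_passwd, "group": parse_group,
           "service": parse_service}


def parse_records(records):
    """Parse (owner, TXT) pairs into (type, record) tuples, keyed by the
    owner's Hesiod type suffix; owners of other types are skipped."""
    parsed = []
    for owner, txt in records:
        name, _, hes_type = owner.rpartition(".")
        parser = PARSERS.get(hes_type)
        if parser is not None:
            parsed.append((hes_type, parser(txt)))
    return parsed


# Password-field values that carry no secret.  `*' is what the README
# publishes; `x' defers to a local shadow entry.
LOCKED_MARKERS = frozenset({"*", "x"})


def audit_passwd_records(records):
    """Names of passwd records whose password field is not a locked marker.

    The README notes that Hesiod data is publicly available and was never
    meant to distribute passwords, so anything else here is a finding.
    """
    return [rec.name for hes_type, rec in parse_records(records)
            if hes_type == "passwd" and rec.passwd not in LOCKED_MARKERS]


if __name__ == "__main__":
    print("gnu.passwd is looked up as", query_name("gnu", "passwd", HESIOD_CONF))
    for name in audit_passwd_records(SAMPLE_RECORDS):
        print(f"finding: passwd record for `{name}' publishes a password field")
```

Feeding this the TXT data of a real zone lets an administrator confirm the record formats before `named' serves them and catch a hash that slipped into the `passwd' records, which is exactly the exposure the section above warns about.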
More information
================

For more information on the Hesiod name service take a look at some of
the papers in ftp://athena-dist.mit.edu:/pub/ATHENA/usenix and the
documentation that accompanies the source code for the Hesiod name
service library in ftp://athena-dist.mit.edu:/pub/ATHENA/hesiod.

There is a mailing list at MIT for Hesiod users, hesiod@mit.edu.  To
get yourself on or off the list, send mail to hesiod-request@mit.edu.