Am Tue, Dec 20, 2022 at 07:14:42PM -0600 schrieb Sundar Vadivelu: > Hi all, > I am working on a system which does TACACS+ authentication of users with > pam_tacplus and nss_tacplus libraries > nss_tacplus: https://github.com/benschumacher/nss_tacplus > pam_tacplus: https://github.com/kravietz/pam_tacplus > > This solution relied on NSCD to be running, since the nss_tacplus only > implemented getpwnam_r . For getpwuid_r etc it relied on the cached entries > in nscd. It was working fine until fedora removed NSCD from glibc in FC36 ( > https://fedoraproject.org/wiki/Changes/RemoveNSCD) > > The above write up indicates that SSSD could be used to cover all cacheing > requirements that was previously provided by NSCD. However I am unable to > configure SSSD for my use case. > > When I tried to link the id_provider as proxy and the proxy_lib_name as > tacplus, sssd fails to come up. If fails with this error: > > > (2022-12-19 23:32:35): [be[shadowutils]] [sss_load_nss_symbols] (0x0010): > Library 'libnss_tacplus.so.2' did not provide mandatory symbol > 'getpwuid_r', error: /lib64/libnss_tacplus.so.2: undefined symbol: > _nss_tacplus_getpwuid_r.
Hi, it would, of course be possible to make getpwuid_r not mandatory in proxy_load_nss_symbols(). But I wonder if you know the reason why this is not implemented in libnss_tacplus.so.2? I'm asking because to work properly this requires that the user must be looked up by name first. If e.g. you call 'ls -al /home' you would only see the UIDs of those users resolved which where looked up by name before and for all other home directories only the UID is displayed which at least seems unexpected if not a bad user experience. bye, Sumit > > Is there any way to use sssd with the above mentioned nss_tacplus library? > By this I mean can sssd be configured to do getpwnam only using the > nss_tacplus, at which time it could cache the passwd details of the user, > and use the cache for the other APIs like getpwuid etc? > > _________________________________________________ > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
