FSSOS stands for Flexible Single Sign-On Solution and
has been written by Ben Goodwin for extending
authentication via getpwnam(), getspnam(), getgrent(), etc calls.

Official website: http://fssos.sourceforge.net/
This source has been hacked and adapted to IndiMail as nssd from the
FSSOS site.

The hacked source will also work with vpopmail by just changing the
configuration file nssd.conf. You just need to change the table_name,
username, password, uid, gid appropriate for your vpopmail installation.

nssd is a multi-threaded daemon and pre-connects to MySQL. This
saves response times in user lookup queries as one no longer needs
to keep on making and breaking connections to MySQL

nssd is experimental and without warranty.

The hacked source can be downloaded from

Modification has been made to have user and domain in the query
e.g. [EMAIL PROTECTED] gets split into mbhangui as the user
and gmail.com as the domain. This split allows authentication against
IndiMail's MySQL database. By just changing the configuration,
authentication should also work for vpopmail. The other change I have
made is to make the Name Service Switch daemon supervise friendly.

You may also want to look at the wonderful original code written by Ben.

You may find this of use if you want to run a IMAP/POP3 server which
does not yet have support for IndiMail or vpopmail

Having this installed allows many IMAP/POP3 servers which use
getpwnam(), getspnam(), PAM, etc to authenticate against IndiMail's
database without making a single change to the IMAP/POP3 server code.
This gives a Yet Another Way to have courier-imap, dovecot, etc to
authenticate against your own custom MySQL database.

NSSD - Name Service Switch Daemon
Supported Operating Systems:
    o Linux (glibc >= 2.2.5)
    o Solaris (Sparc or Intel >= 8) (SEE NOTE BELOW)
    o FreeBSD (5.1+, prefer 5.2+)   (SEE NOTE BELOW)

Supported MySQL Versions:
    o MySQL 3.23.9 - 6.0.3-alpha

Supported Compilers:
    o GCC (2.95.2, 3.x)

    o Installing from source:
      o A functional compile environment (system headers, gcc, ...)
      o MySQL client library & header files (local)
      o MySQL server (local or remote)

    o If installing from source:
      o wget http://downloads.sourceforge.net/indimail/nssd-1.0.tar.gz
      o ./configure --prefix=/var/indimail \
        --default-domain=indimail.org --with-mysql=/usr/local/mysql
      o make
      o make install-strip
        # For IndiMail, to install a supervise service, run the svctool
        # For vpopmail, you need to have nssd run either by supervise or
          by your favourite method (rc, etc)
       o ./svctool --pwdlookup=/tmp/nssd.sock --threads=5 \
         --timeout=5000 \
--mysqlhost=localhost --mysqluser=indimail \
         --mysqlpass=xxxxxxxx \
         --mysqlsocket=/tmp/mysql.sock --servicedir=/service

    On some systems, libtool insists on adding "-lc" to the link stage
    (due to the way gcc was built for that system), which breaks nssd
    threading in daemon mode.  If you see a "-lc" before a "-pthread" or
    "-lpthread", then you're in trouble.  You'll notice the broken
    behavior in the form of fewer-than-expected threads running (3) and
    the inability to kill the parent process off without a "-9" signal. 
    To fix this, do
    the following:
        PTRHEAD_LIBS="-lpthread -lc" ./configure
    and then run make/make install.

    If your MySQL installation is based in a strange directory, use
    the --with-mysql=DIR option of ./configure to specify.  For example,
    "./configure --with-mysql=/usr2"

    o Edit /var/indimail/etc/nssd.conf (or /var/vpopmail/etc/nssd.conf)
  You will find nssd.conf in samples directory of the source

    o Edit (or create) /etc/nsswitch.conf such that it contains at least
      the following:
      passwd: files nssd
      shadow: files nssd

      If you don't want groups from MySQL, simply don't include 'nssd'
      in in the 'group' line.

    o Start 'nssd' (e.g. "/var/indimail/sbin/nssd" or
      you can use supervise
      I have the following lines in the run file
      # $Id: svctool.in,v 2.69 2008-09-04 16:41:45+05:30 Cprogrammer Exp
mbhangui $
      # generated on i686-pc-linux-gnu on Thu Sep  4 16:45:35 IST 2008
      # ./svctool --pwdlookup=/tmp/nssd.sock --threads=5 --timeout=5000
--mysqlhost=localhost --mysqluser=indimail --mysqlpass=ssh-1.5-
--mysqlsocket=/tmp/mysql.sock --servicedir=/service

      exec /var/indimail/bin/envdir /service/pwdlookup/variables \
      /var/indimail/bin/setuidgid indimail /var/indimail/sbin/nssd -d
debug 2>&1

Regards Manvendra

The individual choice of garnishment of a burger can be an important
point to the consumer in this day when individualism is an increasingly
important thing to people. -- Donald N. Smith, president of Burger King


Reply via email to