[OpenAFS] pts and nsswitch

Todd M. Lewis utoddl@email.unc.edu
Wed, 11 Feb 2004 13:40:20 -0500 

This is a follow-up to a message (below) from September 2002, in case 
anybody is interested. As of this morning the nsswitch module mentioned 
below now works with Solaris as well as Linux. I randomly bumped the 
version from 0.1 to 0.2 to confuse the innocent.

Grab http://www.unc.edu/~utoddl/nss_pts_0.2.tgz if you're interested. 
It's GPL'd, 'cause it uses code from samba, so I don't know how that 
mixes/matches with other OpenAFS contribs. Just do the Right Thing.

Happy computing,
--
Todd_Lewis@unc.edu

In September, 2002, Todd M. Lewis wrote:
> Greetings,
> 
> I've often wished "ls -l" would list the pts names of files' owners
> instead of their uids for people not in my password file.  So I wrote up
> http://www.unc.edu/~utoddl/nss_pts_0.1.tgz which implements a simple

now http://www.unc.edu/~utoddl/nss_pts_0.2.tgz
Unpack in AFS for that wholesome "@sys" goodness. :-)

> nsswitch module that does exactly that.  At least it does on Linux, and
> it might on Solaris, though I don't have a Sun box I can hack on to
> thrash out the details.
> 
> [FYI: nsswitch in a nutshell is a set of hooks into how the system looks
> up things -- about users, groups, hosts, services, networks, whatever.
> nss_pts adds a hook that makes getpwuid() know how to look in your
> cell's ptserver if it can't find the uid in, for example, /etc/passwd
> and NIS.]
> 
> In retrospect, I'm not so sure this was a good idea, but I'm putting the
> code out there in case someone else wants to play with it and doesn't
> want to start from scratch.  Go ahead; knock yourself out.
> 
> So why isn't this such a good idea?  Well, for one thing, if you're
> looking at files in some other cell, it still does the lookups against
> your ptserver.  Also, if a uid happens to map to one of your cell's
> non-null instances, then you might get back a struct passwd with a
> pw_name that's longer than 8 characters, which could cause some programs
> to choke.

N.B.: It now truncates the pw_name to 8 characters.

> I've been running this thing several days and it hasn't
> caused me any problems that I know of, but I wouldn't want to deploy a
> production server based on that.

Well, actually, we have deployed it on production servers since then, 
and they seem happy.

> Think of it as a proof of concept -- maybe an ill-conceived one -- but
> it sure adds some meaning to most of my ls snooping around my cell.  And
> if someone gets it working under Solaris, I'd like to know what you did.

As mentioned above, it now works on Solaris. The trick is/was, Solaris 
has a couple of additional fields (pw_comment and pw_age) that needed to 
be initialized to keep nscd from dying. It's happy now.

> Happy computing,
-- 
    +--------------------------------------------------------------+
   / Todd_Lewis@unc.edu  919-962-5273  http://www.unc.edu/~utoddl /
  /              A hangover is the wrath of grapes.              /
+--------------------------------------------------------------+