diff options
author | Ulrich Drepper <drepper@redhat.com> | 1997-09-21 01:47:02 +0000 |
---|---|---|
committer | Ulrich Drepper <drepper@redhat.com> | 1997-09-21 01:47:02 +0000 |
commit | 2604afb1b2d9acc3c70b1214285f996200bf0358 (patch) | |
tree | ba59d75147565b8ab19686d98cee368d8ec697fc /hesiod/README.hesiod | |
parent | 4547c1a410fbc3ab5592a68bac1661135d91983f (diff) | |
download | glibc-2604afb1b2d9acc3c70b1214285f996200bf0358.tar.gz |
Update.cvs/libc-ud-970920
1997-09-21 03:19 Ulrich Drepper <drepper@cygnus.com>
* libio/libio.h: More libstdc++ cleanups. Define _IO_USE_DTOA if
_G_HAVE_PRINTF_FP is not defined.
* libio/strops.c: Undo patch of 1997-07-08 02:18. Must find a
different solution for the problem.
* misc/search.h [__USE_GNU]: Define comparison_fn_t.
* stdlib/stdlib.h: Define comparison_fn_t only if __COMPAR_FN_T is
not defined.
Fix typo. Pretty print inline functions.
* sysdeps/i386/i486/string.h (__stpcpy_small): Increment __cp not cp.
Patch by HJ Lu <hjl@gnu.ai.mit.edu>.
1997-09-20 16:45 Ulrich Drepper <drepper@cygnus.com>
* hesiod/hesiod.c (hesiod_init): Use __secure_getenv to get
HES_DOMAIN environment variable.
Suggested by Mark Kettenis <kettenis@phys.uva.nl>.
* hesiod/README.hesiod: A bit of information about Hesiod and how
to use it. Written by Mark Kettenis <kettenis@phys.uva.nl>.
1997-09-20 05:15 Ulrich Drepper <drepper@cygnus.com>
* manual/maint.texi: Update requirement list.
* io/ftw.h: Don't use parameter names from global namespace in
prototypes.
* stdlib/strtol.c: If used outside glibc handle broken systems
which have character classification functions which are not 8-bit
clean gracefully. Patch by Bruno Haible <haible@ilog.fr>.
1997-09-19 21:42 David S. Miller <davem@tanya.rutgers.edu>
* sysdeps/unix/sysv/linux/sparc/sparc64/bits/types.h: ssize_t is
a long long int.
1997-09-19 15:12 H.J. Lu <hjl@gnu.ai.mit.edu>
* posix/Makefile (test-srcs): New, set to globtest.
1997-09-20 00:24 Ulrich Drepper <drepper@cygnus.com>
* manual/filesys.texi: Document ftw, nftw and needed data types.
1997-09-19 12:53 H.J. Lu <hjl@gnu.ai.mit.edu>
* sysdeps/i386/i486/bits/string.h: Fix typo.
1997-09-19 14:11 Ulrich Drepper <drepper@cygnus.com>
* io/ftwtest.c (cb): Print level.
* io/ftwtest-sh: Updated for ftwtest.c change.
* string/argz.h (__argz_next): Cast NULL to char * to satisfy C++
compilers.
Reported by Mirko Streckenbach <mirko@ramz.ing.tu-bs.de>.
* catgets/catgets.c (catopen): Correctly allocate string of nlspath.
Reported by Charles C. Fu <ccwf@klab.caltech.edu>.
1997-09-18 13:30 Klaus Espenlaub <kespenla@student.informatik.uni-ulm.de>
* sysdeps/i386/init-first.c: Call __getopt_clean_environment with
additional argument.
* sysdeps/mach/hurd/i386/init-first.c: Likewise.
* sysdeps/mach/hurd/mips/init-first.c: Likewise.
* sysdeps/stub/init-first.c: Likewise.
1997-09-18 03:16 Ulrich Drepper <drepper@cygnus.com>
* manual/search.texi: Document lsearch, lfind, the hsearch and
tsearch functions.
1997-09-18 00:04 Ulrich Drepper <drepper@cygnus.com>
* misc/hsearch_r.c (hsearch_r): Only return error for ENTER action
if the table is full and we *really* have to enter a new entry.
1997-09-17 19:44 Ulrich Drepper <drepper@cygnus.com>
* sysdeps/sparc/sparc32/dl-machine.h (elf_machine_rela): Get rid
of hack for handling flush opcode.
Patch by Richard Henderson <rth@cygnus.com>.
Diffstat (limited to 'hesiod/README.hesiod')
-rw-r--r-- | hesiod/README.hesiod | 150 |
1 files changed, 150 insertions, 0 deletions
diff --git a/hesiod/README.hesiod b/hesiod/README.hesiod new file mode 100644 index 0000000000..914e0d1bd9 --- /dev/null +++ b/hesiod/README.hesiod @@ -0,0 +1,150 @@ +The GNU C library contains an NSS module for the Hesiod name service. +Hesiod is a general name service for a variety of applications and is +based on the Berkeley Internet Name Daemon (BIND). + +Introduction +============ + +The Hesiod NSS module implements access to all relevant standard +Hesiod types, which means that Hesiod can be used for the `group', +`passwd' and `services' databases. There is however a restriction. +In the same way that it is impossible to use `gethostent()' to iterate +over all the data provided by DNS, it is not possible to scan the +entire Hesiod database by means of `getgrent()', `getpwent()' and +`getservent()'. Besides, Hesiod only provides support for looking up +services by name and not for looking them up by port. In essence this +means that the Hesiod name service is only consulted as a result of +one of the following function calls: + + * getgrname(), getgrgid() + * getpwname(), getpwuid() + * getservbyname() + +and their reentrant counterparts. + + +Configuring your systems +======================== + +Configuring your systems to make use use the Hesiod name service +requires one or more of the following steps, depending on whether you +are already running Hesiod in your network. + +Configuring NSS +--------------- + +First you should modify the file `/etc/nsswitch.conf' to tell +NSS for which database you want to use the Hesiod name service. If +you want to use Hesiod for all databases it can handle your +configuration file could look like this: + + # /etc/nsswitch.conf + # + # Example configuration of GNU Name Service Switch functionality. + # + + passwd: db files hesiod + group: db files hesiod + shadow: db files + + hosts: files dns + networks: files dns + + protocols: db files + services: db files hesiod + ethers: db files + rpc: db files + +For more information on NSS, please refer to the `The GNU C Library +Reference Manual'. + + +Configuring Hesiod +------------------ + +Next, you will have to configure Hesiod. If you are already running +Hesiod in your network, you probably already have a file named +`hesiod.conf' on your machines (probably as `/etc/hesiod.conf' or +`/usr/local/etc/hesiod.conf'). The Hesiod NSS module expects this +file to be found in the sysconfdir (`/usr/local/etc/hesiod.conf' by +default, see the installation notes on how to change this) or in the +location specified by the environment variable `HESIOD_CONFIG'. If +there is no configuration file you will want to create your own. It +should look something like: + + rhs=.your.domain + lhs=.ns + +The value of rhs can be overridden by the environment variable +HES_DOMAIN. + +Configuring your name servers +----------------------------- + +In addition, if you are not already running Hesiod in your network, +you need to create Hesiod information on your central name servers. +You need to run `named' from BIND 4.9 or higher on these servers, and +make them authoritative for the domain `ns.your.domain' with a line in +`/etc/named.boot' reading something like: + + primary ns.your.domain named.hesiod + +or if you are using the new BIND 8.1 or higher add something to +`/etc/named.conf' like: + + zone "ns.your.domain" { + type master; + file "named.hesiod"; + }; + +Then in the BIND working directory (usually `/var/named') create the +file `named.hesiod' containing data that looks something like: + + ; SOA and NS records. + @ IN SOA server1.your.domain admin-address.your.domain ( + 40000 ; serial - database version number + 1800 ; refresh - sec servers + 300 ; retry - for refresh + 3600000 ; expire - unrefreshed data + 7200 ) ; min + NS server1.your.domain + NS server2.your.domain + + ; Actual Hesiod data. + libc.group TXT "libc:*:123:gnu,gnat" + 123.gid CNAME libc.group + gnu.passwd TXT "gnu:*:4567:123:GNU:/home/gnu:/bin/bash" + 456.uid CNAME mark.passwd + nss.service TXT "nss;tcp;789;switch sw " + nss.service TXT "nss;udp;789;switch sw" + +where `libc' is an example of a group, `gnu' an example of an user, +and `nss' an example of a service. Note that the format used to +describe services differs from the format used in `/etc/services'. +For more information on `named' refer to the `Name Server Operations +Guide for BIND' that is included in the BIND distribution. + + +Security +======== + +Note that the information stored in the Hesiod database in principle +is publicly available. Care should be taken with including vulnerable +information like encrypted passwords in the Hesiod database. There +are some ways to improve security by using features provided by +`named' (see the discussion about `secure zones' in the BIND +documentation), but one should keep in mind that Hesiod was never +intended to distribute passwords. In the origional design +authenticating users was the job of the Kerberos service. + + +More information +================ + +For more information on the Hesiod name service take a look at some of +the papers in ftp://athena-dist.mit.edu:/pub/ATHENA/usenix and the +documentation that accompanies the source code for the Hesiod name +service library in ftp://athena-dist.mit.edu:/pub/ATHENA/hesiod. + +There is a mailing list at MIT for Hesiod users, hesiod@mit.edu. To +get yourself on or off the list, send mail to hesiod-request@mit.edu. |