Vieri l33t
Joined: 18 Dec 2005 Posts: 888
Posted: Sun May 12, 2024 10:45 am
Post subject: musl and nsswitch

Hi,
I understand that musl does not support/read /etc/nsswitch.conf as glibc does.
Problem is I'm using "files winbind" or "compat winbind" in nsswitch to allow for PAM-authenticated sshd access via winbind auth.
So migrating from glibc to musl isn't straightforward, and there's no mention of nsswitch in https://wiki.gentoo.org/wiki/Musl_usage_guide.
First thing I tried was to install nscd and start the service.
It started exiting with a plain "syntax error" message, but I'm not sure why. I eventually trimmed the file down to using just compat, files, dns and winbind.
Both "compat" and "files" yield an error message saying that libnss_compat.so and libnss_files.so are not available.
If I just keep "winbind" and "dns" I get no errors, and the nscd service starts.
At that point I can access sshd via PAM and an AD user via winbind albeit with a very slow login right after entering the password (setting UseDNS to no in sshd does not change the behavior).
In any case, nscd is not marked stable in portage.
There's another package sssd available, but I don't know how it works, if it reads the content of nsswitch.conf or not, etc.
In a nutshell, what is the currently best way of letting, say, MS Active Directory users log into a Gentoo musl system with sshd?
I currently tell sshd to "UsePAM", and I set up pam to use the pam_winbind.so auth module.
I then have this in nsswitch.conf:
Code:
group: winbind
hosts: dns
networks: dns
passwd: winbind
shadow: winbind
I start nscd, and I can *slowly* log into the Gentoo musl system with the credentials of an AD user.
Thanks
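
One way to see, before starting nscd, which sources named in nsswitch.conf have no libnss_<name>.so* file on disk, the condition reported above for "compat" and "files". This is an added example, not part of the original post and not nscd's own code; the function names and the directories passed in are assumptions. It only checks that a module file exists, not which databases the daemon serves or whether the module loads.

```shell
#!/bin/sh
# nss_pairs FILE: print "database source" for every source in an
# nsswitch.conf-style file, ignoring comments and [STATUS=action] items.
nss_pairs() {
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' "$1" |
    awk -F: 'NF >= 2 {
        db = $1; gsub(/[ \t]/, "", db)
        n = split($2, src, /[ \t]+/)
        for (i = 1; i <= n; i++) if (src[i] != "") print db, src[i]
    }'
}

# nss_missing FILE DIR...: print the "database source" pairs for which no
# libnss_<source>.so* file exists in any of the given directories.
nss_missing() {
    conf=$1; shift
    nss_pairs "$conf" | while read -r db src; do
        found=no
        for dir in "$@"; do
            for lib in "$dir/libnss_$src".so*; do
                if [ -e "$lib" ]; then found=yes; fi
            done
        done
        [ "$found" = yes ] || echo "$db $src"
    done
}

# Demonstration on constructed input: the post's passwd/group/shadow lines
# with "files" put back, and an empty stand-in file for the winbind module.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/nsswitch.conf" <<'EOF'
# constructed sample
passwd: files winbind
group:  files winbind
shadow: winbind
EOF
    mkdir "$tmp/lib"
    : > "$tmp/lib/libnss_winbind.so.2"
    nss_missing "$tmp/nsswitch.conf" "$tmp/lib"
    rm -rf "$tmp"
}
demo
```

On a real system the call would look like `nss_missing /etc/nsswitch.conf /lib /usr/lib`, with the directory list adjusted to wherever NSS modules are installed.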