From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/1542 Path: news.gmane.org!not-for-mail From: Rich Felker Newsgroups: gmane.linux.lib.musl.general Subject: Design for extensible passwd[/shadow?] db support Date: Sun, 12 Aug 2012 01:38:02 -0400 Message-ID: <20120812053802.GA10971@brightrain.aerifal.cx> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: dough.gmane.org 1344749841 8857 80.91.229.3 (12 Aug 2012 05:37:21 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Sun, 12 Aug 2012 05:37:21 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-1543-gllmg-musl=m.gmane.org@lists.openwall.com Sun Aug 12 07:37:19 2012 Return-path: Envelope-to: gllmg-musl@plane.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1T0QrS-0003kQ-9M for gllmg-musl@plane.gmane.org; Sun, 12 Aug 2012 07:37:14 +0200 Original-Received: (qmail 9930 invoked by uid 550); 12 Aug 2012 05:37:12 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 9918 invoked from network); 12 Aug 2012 05:37:12 -0000 Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) Xref: news.gmane.org gmane.linux.lib.musl.general:1542 Archived-At: Presumably at some point, musl will be used in environments where it's not feasible to have the entire user database in a flat password file. Despite NIS being hideous, largish institutions use it for this reason; presumably LDAP is a much better option, and there may be other options still I'm not aware of. What I'm looking for is a way to allow musl to access user data that's not provided with flat files in /etc, but without bloating musl or introducing dependencies on abominations like RPC. The idea I have is to add a single lookup method to musl, whereby it can query a local daemon of some sort for user information in a clean, simple protocol. Such a daemon can in turn translate to NIS, if desired, or to SQL db queries, or to whatever back-end the admin wants to use. I'm fairly settled on this general approach, but since I'm not at all familiar with the existing approaches, I'd like to seek some further input. The first main question is what protocol to use. One really simple choice would be a plain text protocol where the name/uid of requested user is sent over a socket (probably a datagram unix socket) and the response comes back in standard colon-delimited passwd format for the existing passwd code to parse. This seems very clean, but as far as I know it doesn't have any existing implementations. Alternatively, we could make musl speak an existing query language (e.g. LDAP) directly, such that it could interface with any existing server out there that speaks the chosen protocol, or with a proxy that translates to other protocols like NIS. Any thought on the pros and cons of these or other appraches? Rich