The nsss library interface
libnsss is a client library meant to be used by client
programs needing utmp functionality. It interacts with various
server-side daemons such as
Application programs can use it directly, but most existing programs
simply use the standard
interfaces, which in nsss are implemented as a series of thin wrappers
around the nsss library.
- Make sure the nsss headers, as well as the skalibs headers,
are visible in your header search path.
- Use #include <nsss/nsss.h>
- To use the standard pwd.h interface, you can
just #include <pwd.h>, which will work as long
as the nsss/pwd.h header is accessible in your header
- Same thing for grp.h and shadow.h.
- Make sure the nsss library, as well as the skalibs library,
are visible in your library search path.
- Link against -lnsss, -lskarnet,
`cat $SYSDEPS/socket.lib` and
`cat $SYSDEPS/tainnow.lib`, $SYSDEPS being your skalibs
The nsss/nsss.h header is actually a collection of headers:
- nsss/nsss-unix.h implements basic access to the
/etc/passwd, /etc/group and /etc/shadow
- nsss/nsss-switch.h implements connection via a Unix
domain socket to a listening nsssd daemon, implementing an
authentication backend based on what implementation of
the daemon is listening.
- nsss/nsss-all.h implements a safe policy: first a
connection via nsss-switch is attempted, and if no daemon
is listening, the safe nsss-unix backend is used.
By default, the getpwnam() et al. functions are aliased
to their nsss-all implementations. You can disable the
nsss-unix fallback by compiling with the NSSS_DISABLE_UNIX
macro defined (-DNSSS_DISABLE_UNIX). Or you can disable any
attempt to connect to a daemon by compiling with the
NSSS_DISABLE_SWITCH macro defined (-DNSSS_DISABLE_SWITCH).
(To be completed.)