Name Service Switch, an modular interface built in to the GNU C library that handles data retrieval from system databases, e.g., password, group, etc.
Questions tagged [nss]
76 questions
2
votes
0 answers
Username collision files/ldap, both passwords accepted
Ubuntu 18.04.3 server, slapd running, LDAP auth configured with libnss-ldapd and libpam-ldapd packages (all on the same machine). Created a local user with useradd and a user in the LDAP database with the same username, different numerical UIDs,…
![](../../users/profiles/264530.webp)
Lasse Kliemann
- 318
- 2
- 9
2
votes
0 answers
Import a P12 certificate into a NSS database (with an alias)
Here´s the deal... I have a personal P12 certificate generated by a certificate authority.
I want to use it with CURL to access a protected URL.
If CURL on CENTOS was compiled with openssl, I should only convert it to PEM format and provide that…
![](../../users/profiles/196842.webp)
smashing
- 143
- 1
- 6
2
votes
0 answers
libnss-mysql on freebsd 10.1
i have libnss-mysql installed on freebsd 10.1.
Everything works except groups command.
getent group - ok
# getent group
.......
froxlorlocal:*:1003:www <-- data from passwd
vmail:*:2000 <-- data from passwd
test::10000:test,www,froxlorlocal …
![](../../users/profiles/297889.webp)
Mantoze
- 21
- 1
2
votes
1 answer
centos 6.6 ldap authentication no longer works after certificate update on ldap host
We recently updated the CA certificates on our LDAP host. There are a couple of CentOS 5.x servers which don't seem to have any issues authenticating against the LDAP host, but there's one Centos 6.6 server that isn't able to. I don't know how the…
![](../../users/profiles/264818.webp)
igal
- 144
- 1
- 10
2
votes
0 answers
Stop NSSwitch on first match
I am using a MySQL backend to store some of my UNIX users into a database. In order for the system to be able to retrieve name information about these users, I added MySQL to NSS's sources:
passwd: files mysql
group: files…
![](../../users/profiles/181549.webp)
John WH Smith
- 341
- 4
- 18
2
votes
1 answer
Token error when trying to change password through pam-mysql
I am currently preparing a machine for a web hosting service, and I decided to use MySQL to store all our users (since the rest of our services use it already). For that, I am using libnss-mysql and pam-mysql. However, even though most of the setup…
![](../../users/profiles/181549.webp)
John WH Smith
- 341
- 4
- 18
2
votes
1 answer
LDAP groups not applying to filesystem permissions
System is ArchLinux, and I'm using nss-pam-ldapd (0.8.13-4) to connect myself to ldap.
Relevant configuration files:
/etc/nsswitch.conf
/etc/nslcd.conf
I've got my users and some groups in LDAP:
[root@kain tmp]# getent group
![](../../users/profiles/51989.webp)
BeepDog
- 314
- 3
- 12
2
votes
1 answer
How to change UNIX user password using passwd if user is stored in a MySQL database?
I'm trying to setup libnss-mysql and libpam-mysql. So far everything has been working. I can use id to get information about the users stored in my databas. getent passwd is working, as well. However, getent shadow is not. Additionally, I'm not able…
![](../../users/profiles/46074.webp)
t6d
- 507
- 2
- 5
- 12
2
votes
1 answer
How does OpenSSH / NSS determine the address to use for a hostname with multiple DNS entries?
Suppose I have some device with multiple addresses like so (due to some combination of AD and VMWare NAT name resolution, but that's not germane):
[centos@localhost ~]$ getent hosts my-weird-AD-device.company.com
192.168.1.10 …
![](../../users/profiles/40584.webp)
javanix
- 247
- 3
- 15
2
votes
1 answer
What is the easiest way to set up composable POSIX groups for SSH & Samba authentication?
Background
I'm putting together what I would consider to be a fairly ordinary chunk of infrastructure, but have been running into so many problems that I can't help but wonder if there's an easier way.
I need to be able to do the…
![](../../users/profiles/66849.webp)
Brian Bauman
- 216
- 1
- 2
- 10
1
vote
2 answers
Where to install NSS modules on CoreOS?
I have a custom NSS module that I wrote and I typically install it by copying the library like so...
cp libnss_mymodule.so.0 /lib64/
... then I add my module to the /etc/nsswitch.conf ...
$ grep mymodule /etc/nsswitch.conf
passwd: mymodule files…
![](../../users/profiles/67563.webp)
Ishpeck
- 204
- 1
- 6
1
vote
0 answers
Centos yum error: Failed to initialize NSS library - other fixes not working for me
Basic issue from screenshot:
yum
error: Failed to initialize NSS library
There was a problem importing one of the Python modules
required to run yum. The error leading to this problem was:
cannot import name ts
Please install a package which…
![](../../users/profiles/472202.webp)
Dave Heritage
- 11
- 1
- 4
1
vote
1 answer
Understanding LDAP Authentication
During the last days I've been fiddling around with LDAP authentication and I've managed to configure some Linux systems (CentOS 6 and 7) to perform the SSH authentication process
against an OpenLDAP server (which I also installed and configured).…
user428504
1
vote
0 answers
Mozilla NSS does not accept certificate with "PKCS #1 SHA-256 With RSA Encryption" signature
On Centos 7.2 NSS certutil and other tools using NSS libraries reject my certificate with the message certutil: certificate is invalid: The certificate was signed using a signature algorithm that is disabled because it is not secure.
I have created…
![](../../users/profiles/369755.webp)
Kimmo Ahokas
- 161
- 6
1
vote
1 answer
SSL handshake with CentOS, curl and ECDHE
Since I limited my Ciphers to ECDHE because of the Logjam vulnerabilities, I am not able to do a curl from a Centos machine anymore. (works from Ubuntu)
$ curl -v https://mysite.mydomain.com
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* …
![](../../users/profiles/22333.webp)
Bastien974
- 1,824
- 12
- 43
- 61