Diffstat (limited to 'README.md')
-rw-r--r-- README.md 27
1 files changed, 22 insertions, 5 deletions
diff --git a/README.md b/README.md
index 824e74d..8023be7 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,8 @@ The most important 4 programs are:
for Postfix that provides email aliases for users in hackers.git
- `pacman-make-keyring` generate a tarball with the pacman-keyring
files for the users in hackers.git
+ - `nshd` implements the nshld protocol of nss-pam-ldapd, but talks to
+ hackers.git instead of LDAP.
The others are:
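Review bot: "nshld" in the added `nshd` bullet looks like a typo. The daemon that nss-pam-ldapd talks to is nslcd, so this should probably read "implements the nslcd protocol of nss-pam-ldapd". As written, the name matches neither nss-pam-ldapd's daemon nor this program, and anyone searching for the protocol by that name will not find it.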
@@ -40,7 +42,7 @@ store files that can be cached between versions of the keyring.
System users (`/etc/passwd`) mentioned in this variable may be SSH'ed
into by hackers.git users who are in a group of the same name.
-## nshd (TODO)
+## nshd
`nshd` also looks at `pam_password_prohibit_message` to decide what to
say when prohibiting a user from being changed via PAM.
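Review bot: dropping "(TODO)" from this heading leaves the README with two sections titled `## nshd`, because the same commit adds a second `## nshd` at the end of the file. This one documents a configuration setting (`pam_password_prohibit_message`) and the later one documents setup, so distinct headings would help, and they would also keep the generated `#nshd` anchors from colliding. Separately, "prohibiting a user from being changed via PAM" is ambiguous; if it refers to password changes, say so.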
@@ -58,19 +60,34 @@ Configure `sshd_config:AuthorizedKeysCommand` to be this program.
## postfix-generate-virtual-map
- postfix-show-virtual-map > /etc/postfix/virtual-parabola.nu
- postmap hash:/etc/postfix/virtual-parabola.nu
+ postfix-show-virtual-map > /etc/postfix/virtual-parabola.nu
+ postmap hash:/etc/postfix/virtual-parabola.nu
## pacman-make-keyring
- pacman-make-keyring V=$(date -u +%Y%m%d)
+ pacman-make-keyring V=$(date -u +%Y%m%d)
scp parabola-keyring-$(date -u +%Y%m%d).tar.gz repo.parabola.nu:/srv/repo/main/other/parabola-keyring/
or
- cd $(. "$(librelib conf)" && load_files makepkg && echo "$SRCDEST")
+ cd $(. "$(librelib conf)" && load_files makepkg && echo "$SRCDEST")
pacman-make-keyring V=$(date -u +%Y%m%d)
In the latter case, it would get uploaded automagically by
`librerelease` when you release a parabola-keyring with the matching
version.
+
+## nshd
+
+Either reboot, or run `systemd-sysusers` to create the nshd user.
+
+Add `ldap` to the `passwd`, `group`, and `shadow` fields in
+`/etc/nsswitch.conf`:
+
+ passwd: files ldap
+ group: files ldap
+ shadow: files ldap
+
+Then enable and start `nshd.socket`:
+
+ systemctl enable --now nshd.socket
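Review bot: the new `## nshd` setup steps add `ldap` to `/etc/nsswitch.conf` without saying that the NSS module from nss-pam-ldapd must be installed for that service name to resolve; since `nshd` only replaces the daemon side of that protocol, the client module is a prerequisite and should be listed as the first step. The steps also cover only NSS, while the earlier section says `nshd` reads `pam_password_prohibit_message`, so it is worth stating whether any PAM configuration is needed or explicitly not needed. Because `shadow: files ldap` changes where account data for logins comes from, consider ordering the steps so that `nshd.socket` is started before `nsswitch.conf` is edited, and ending with a verification such as `getent passwd` for a known hackers.git user.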