From 3080f53925cd8d333b9464137587a87f7d2e3c5e Mon Sep 17 00:00:00 2001
From: Luke Shumaker
Date: Wed, 15 Jun 2016 22:18:31 -0400
Subject: work on README
---
 README.md | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 824e74d..8023be7 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,8 @@ The most important 4 programs are:
 for Postfix that provides email aliases for users in hackers.git
 - `pacman-make-keyring` generate a tarball with the pacman-keyring files for the users in hackers.git
+ - `nshd` implements the nshld protocol of nss-pam-ldapd, but talks to
+ hackers.git instead of LDAP.
 The others are:
@@ -40,7 +42,7 @@ store files that can be cached between versions of the keyring.
 System users (`/etc/passwd`) mentioned in this variable may be SSH'ed into by hackers.git users who are in a group of the same name.
-## nshd (TODO)
+## nshd
 `nshd` also looks at `pam_password_prohibit_message` to decide what to say when prohibiting a user from being changed via PAM.
@@ -58,19 +60,34 @@ Configure `sshd_config:AuthorizedKeysCommand` to be this program.
 ## postfix-generate-virtual-map
- postfix-show-virtual-map > /etc/postfix/virtual-parabola.nu
- postmap hash:/etc/postfix/virtual-parabola.nu
+ postfix-show-virtual-map > /etc/postfix/virtual-parabola.nu
+ postmap hash:/etc/postfix/virtual-parabola.nu
 ## pacman-make-keyring
- pacman-make-keyring V=$(date -u +%Y%m%d)
+ pacman-make-keyring V=$(date -u +%Y%m%d)
 scp parabola-keyring-$(date -u +%Y%m%d).tar.gz repo.parabola.nu:/srv/repo/main/other/parabola-keyring/
 or
- cd $(. "$(librelib conf)" && load_files makepkg && echo "$SRCDEST")
+ cd $(. "$(librelib conf)" && load_files makepkg && echo "$SRCDEST")
 pacman-make-keyring V=$(date -u +%Y%m%d)
 In the latter case, it would get uploaded automagically by `librerelease` when you release a parabola-keyring with the matching version.
+
+## nshd
+
+Either reboot, or run `systemd-sysusers` to create the nshd user.
+
+Add `ldap` to the `passwd`, `group`, and `shadow` fields in
+`/etc/nsswitch.conf`:
+
+ passwd: files ldap
+ group: files ldap
+ shadow: files ldap
+
+Then enable and start `nshd.socket`:
+
+ systemctl enable --now nshd.socket
-- cgit v1.2.2