nsscache

Build Status GitHub Go Report Card

Linux systems derive user and group information from a set of databases. On some systems it is possible to load multiple databases via the Name Service Switch. nsscache can write a set of files that are in the first format for libnss-cache to read and supply to the system.

libnss-cache can be obtained from its repository.

Installation

If your distribution provides a packaged binary form of nsscache, you are strongly encouraged to use this, though if your distribution happens to be Debian derived, make sure you’re getting a version that’s somewhat recent.

If your distribution does not provide nsscache, you’ll need to build it from source. It is assumed that you have a Go installation of version 1.10 or later and the dep Go dependency manager.

Now you can build nsscache:

$ git clone -b <version> https://github.com/NetAuth/nsscache
$ cd nsscache
$ dep ensure
$ go build -o nsscache cmd/nsscache/main.go

Now you can install nsscache.

$ sudo cp nsscache /usr/local/sbin/
$ sudo chown root:root /usr/local/sbin/nsscache
$ sudo chmod 0755 /usr/local/sbin/nsscache

Remember to update your build periodically to ensure you have appropriate security fixes.

Configuration

Running the binary as root will do the right thing, assuming that you have your certificate located at /etc/netauth.cert and your configuration file at /etc/netauth.toml.

nsscache is configured via flags. Important flags that you may wish to change are called out below:

nsscache provides single shot updates to the files. You must run nsscache on some sort of job controller if you want to update and pick up new values. Choose the update frequency that is right for you. A good default choice if you have no idea what to set here is 15 minutes. This will be slightly annoying to users that have just been created in the system, but won’t otherwise hammer the NetAuth server.