#  Copyright 2000, 2001, 2002 Laurent Wacrenier
#
#  This file is part of libhome
#
#  libhome is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as
#  published by the Free Software Foundation; either version 2 of the
#  License, or (at your option) any later version.
#
#  libhome is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU Lesser General Public License for more details.
#
#  You should have received a copy of the GNU Lesser General Public
#  License along with libhome; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
#  USA

libhome is a library providing a getpwnam() emulation.
It support MySQL (3.23), Open LDAP 2 or system /etc/passwd
frontend.

It's intended to replace getpwnam within a system daemons who needs
user authentification or identification when the users are listed on
foreign servers.

DOWNLOAD

You can get new version from the web site http://pll.sourceforge.net/

INSTALLATION

The "configure" script try to guess it you have MySQL or LDAP
installed and compile with them when found. If they are in a
unguessable place, set theyre include path or library path

  --with-ldap
  --with-ldap-libdir
  --with-mysql
  --with-mysql-libdir
  --with-pgsql

You can disable LDAP, MySQL or PgSQL configuring this the option 
--without-ldap, --without-mysql or --without-pgsql

Sleepycat DB3 or DB4 may be used to cache retrieved information during
a while and limit serveur load. It's place is guessed in "configure"
but you can define the include and library paths with --with-db3 or
--with-db4 and --with-db3-libdir options. Use options --without-db3 and
--without-db4 if you don't want this feature.

You can download DBx from http://www.sleepycat.com/

One you have run configure with you option, just do a "make" then
"make install". 

CONFIGURATION

Check the manal page of home.conf(5) and configure the library with
your settings.

You are able to test your configuration, you can compile the
"home_finger" (just run "make home_finger") and run it home_finger can
also be used for benchmarks. Run "home_finger -h" to get the syntax.

LINKING YOUR APPLICATION WITH LIBHOME

The utilities "libhome.sh" give options for compilation. Option "-i"
returns the -I options for the C preprocessor, option "-l" returns the
-L and -l options for the linker.

example:
  cc -o main $(libhome.sh -i) main.c $(libhome.sh -l)

PERL MODULE

The Home subdirectory contains a perl module who wrap the libhome
functions.

STRING EXPANSION

As LDAP lacks of computed result, it is possible to format multiple
fields using libhome string expansion. For example, to get a full gecos
field, you may use this configuration directives:

ldap_extra_attributes displayName ou telephoneNumber homePhone mobile description

gecos =${displayName},${ou},${telephoneNumber},${homePhone:?${mobile}},${description}

Warn of multivalued fields, they are currently not supported (only one
value is returned).

See manual for details.

PROXY

The proxy is expected to be the more secure way to ask user information
because the databases informations are outside the user memory space.

Theyre is ACL to disable some queries or hide the password field. On
FreeBSD, Linux, OpenBSD, Mac OS X and NetBSD, ACL can check the UID or
GID who make the query. For example, you may enable only query for low
UID numbers and for the user itself.

They is a NSS source (home_proxy) who work on FreeBSD 5, Linux 
and maybe Solaris (untested), NetBSD 2 or other systems.

I may port to other system if I have a root access to such computer,
at least in a chroot jail, with full utilities (gcc, autoconf, emacs,
zsh) and an access to a database. The jail may be lightly instable
during the test.

To enable it, ass something like this in /etc/nsswitch.conf
  passwd: files home_proxy

On Solaris, it could be nessessary to put the nss library in /usr/lib
You can check it running 
  truss finger -m unknown-user 2>&1 | fgrep nss
If it is, you may please Solaris with 
  ln -s /usr/local/lib/nss_home_proxy.so.1 /usr/lib
Could someone report me how Solaris port is working ? 

Be sure the proxy don't use any system passwords check as database if
you use this. The NSS source is a part of the system password now.

You may compile only the NSS library
 make nss
and install it with 
 make install-nss

If nss module compilation, break the build, 
  configure --without-nss ...

Status of non-standard and system dependant API features :

                  Proxy ACL per client UID    NSS proxy module
FreeBSD5               ok                     ok
FreeBSD4               unavaiable             unavaiable
Linux (version?)       ok                     ok
Solaris                not ported             compile, untested
NetBSD1                maybe                  unavaiable
NetBSD2                maybe                  maybe
OpenBSD                ok                     unavaiable
Mac OS X               ok                     unavaiable
HPUX                   unavaiable             not ported

