I recently ran into a problem with NSS-MySQL – or rather I ran into a number of problems with NSS-MySQL.
- The first was that there are two libraries with almost identical names (libnss-mysql and nss-mysql) hosted in two different locations (sourceforge.net and savannah.gnu.org respectively) which do exactly the same thing (lookup users from a MySQL database).
- The second was that all our legacy servers that use this method of authentication had been installed from source, however the key text that told me which version to use (sourceforge or gnu) had been removed from the build documents so I didn’t know which one I was meant to be installing.
- The third issue (and this isn’t the final issue unfortunately) was that when I realised that the version we were using was the gnu.org one, I also discovered that the only one for which maintained packages were available was the sourceforce.net version.
- The fourth (and last for the time being) was that the configuration file formats were completely different
At this point, it wasn’t looking too good…
Working closely with a Colleague, we also identified that although the users in the MySQL database were completely different to those found in /etc/passwd, many of the uids and gids matched entries in both. This was because although all the account names for users start at 2001 as far as the system is concerned, the database userId field starts at 1. I love legacy systems…
After three days trying to solve this, we were starting to wonder if it would be any quicker to redesign the database and just reassign the permissions across the 25TB of data that we hold for various accounts, then, we hit the solution.
libnss-mysql (the package available from EPEL and the version that is hosted on SourceForge) has to be the version of choice going forwards as we must be able to deploy this server without any human intervention in order for the build systems based upon cucumber-vhosts/hudson that I’ve discussed elsewhere on this blog to work correctly. This is how we fixed the queries…
