puavoadmins

This project provides following components for intergrating Puavo organization owners to the host:

Commands for updating /etc/puavo/org.json from Puavo via its REST API, validating it and ensuring home directories exist for all puavoadmins.
NSS module which provides group and passwd databases.
- Uses /etc/puavo/org.json as a backend.
- Supports getpwnam(), getpwuid(), getpwent(), getgrnam(), getgrgid(), getgrent() and their reentrant counterparts.
- Populates group database with puavoadmins group (gid=555). All puavoadmins belong to this group.
- Populates passwd database with all puavoadmins listed in /etc/puavo/org.json.
Command for outputting puavoadmin's public keys in OpenSSH authorized_keys format. Intended to be used as AuthorizedKeysCommand (requires OpenSSH 6.1 or newer).

Requirements

make
sudo make install # Implicitly defines prefix=/usr

Run /usr/lib/puavoadmins-update-orgjson to fetch /etc/puavo/org.json
Add puavoadmins to passwd and group databases sources by modifying /etc/nsswitch.conf.
Optionally add following options to /etc/ssh/sshd_config:

AuthorizedKeysCommand /usr/lib/puavoadmins-ssh-authorized-keys AuthorizedKeysCommandUser nobody

And then restart/reload sshd.

Name		Name	Last commit message	Last commit date
Latest commit History 171 Commits
debian		debian
Gemfile		Gemfile
Gemfile.lock		Gemfile.lock
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
ci.sh		ci.sh
common.h		common.h
group.c		group.c
org.json.lock		org.json.lock
orgjson.c		orgjson.c
orgjson.h		orgjson.h
passwd.c		passwd.c
puavoadmins-ssh-authorized-keys.c		puavoadmins-ssh-authorized-keys.c
puavoadmins-update		puavoadmins-update
puavoadmins-validate-orgjson.c		puavoadmins-validate-orgjson.c
puavoadmins-validate-pam-user		puavoadmins-validate-pam-user