summaryrefslogtreecommitdiff
path: root/nss_mapuser.conf
blob: 2685ac07ddee0e26eb533280cf40608962844e56 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# This file is part of the libnss-mapuser package.
# It should be world readable.  It does not contain any security
# sensitive information.
#
# Edit /etc/nsswitch.conf to add mapuser and mapuid to the passwd lookup,
# similar to the example below.
# mapuid must be the be prior to compat, since uid lookups would
# otherwise always match via compat, and mapuser must be last, since
# it always matches anything.
#    passwd: mapuid compat mapuser

# if set, errors and other issues are logged with syslog
# debug=1

# min_uid is the minimum uid to lookup.  Setting this to 0
# means uid 0 (root) is never looked up, good for robustness and performance
# Cumulus Linux ships with it set to 1001, so we never lookup system
# users, or the standard "cumulus" account.  You may want to change this
# to the value of the radius_user account.
min_uid=1001

# This is a comma separated list of usernames that are never mapped
# because they are standard accounts.  They cause an early not found
# return.
#
# "*" is not a wild card.  While it's not a legal username, it turns out
# that during pathname completion, bash can do an NSS lookup on "*"
# To avoid server round trip delays, or worse, unreachable server delays
# on filename completion, we include "*" in the exclusion list.
# User names starting with "tacacs[0-9]" are also ignored, in case the
# tacplus client packages are installed.  User names matching 
# the mapped_user and mapped_priv_user configuration fields are also ignored.
exclude_users=root,daemon,nobody,cron,sshd,cumulus,quagga,frr,snmp,www-data,ntp,man,*

# Map all usernames to the radius_user account (use the uid, gid, shell, and
# base of the home directory from the cumulus entry in /etc/passwd).
mapped_user=radius_user