Currently there is just one cache algorithm implemented using redis.
It is highly recmommended to use the redis server instead of no cache.
Redis can be installed on the same server you install nss_http.

You need a server that serves the user data.
You can use the sample server in this repo.

The library (duh!)

A helper app that allows authentication using ssh-keys

Example app for your uses

1. Make sure you have following packages installed:
   • build-essential
   • libhiredis-dev
   • libjson-c-dev
   • libcurl4-openssl-dev (You can run make prepare to install all needed packages)
2. Adjust shared/global.h to your needs.
3. run make install to compile and install nss_http and the nss-http-key-helper
   If you only want nss_http cd nss_http and run make install there

Remove using make uninstall

Modify /etc/nsswitch.conf and add http to passwd and shadow

# /etc/nsswitch.conf
passwd:         compat http
group:          compat
shadow:         compat http
gshadow:        files
...

Security note: Keep in mind, that you might have set tokens, usernames and/or passwords in shared/global.h Clear or remove the file in production use.

You can test the functionality by running

$ getent passwd <username>

Add following lines to your sshd_config

AuthorizedKeysCommand /usr/bin/nss-http-key-helper
AuthorizedKeysCommandUser nobody

• nss_http can and will not request a whole user list.
• nss_http accepts only valid JSON data as input.
• nss_http should use a cache, either local or external.
• nss_http can not change passwords.
• nss_http accepts all password formats. It depends on the distribution whether the password is correct or not.
• Usernames must match the regex ^[a-z][-_a-z0-9]*$ and should be lowercase.

nss_http sends a POST request with JSON encoded data

Either containing the username:

{
    "User": "joe"
}

Or containing the uid:

{
    "Uid": 7000
}

The backend server must respond with following JSON encoded data:

{
    // username, case sensitive!
    "User": "joe",
    // Display Name
    "Name": "John Doe",
    // crypted password
    "Password": "$6$jhCNuhl2ycbWn2YZ$mzNzPcdXsBhp5VVM/3vTmbeg./tevYxkSZxN96Bz7LtBTDDrKekUyTAYfNexQ8mBQeqL7aCCLRjBUJmsl81i1/",
    // Shell to use
    "Shell": "/bin/bash",
    // Uid and Gid
    "Uid": 7000,
    "Gid": 7000,
    // Home Dir
    "Dir": "/home/joe",
    // AuthKeys for nss-http-key-helper
    "AuthKeys": [
        "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA0iftI+BgPr2F0aX1ajg89TVsGZ/nKvyayWSHpynE53s+5KABK7ns66hZyQWe/Q2g15Npebdz7xXES752ch3CtPiBOe//aehUZTYj/rxY9z7/JoYBYeoGeTHNtZ1D6IWnH3Aw9xeAPx1utHPMNRNkXiJWL7FaUKFMsLSK8irc/nyiJrJ5kIoGZBLMXu9CQY775DXP9xkT23nvV2RQw/9Sr20EFtSATqUrYab0/3V4Sb+W4fIAa4zGo75GC8Xpgb0gO96atJzVD8s3bpOFXl+F52JUZXyCU4B68gO+1Chv/TT6TuLU0jtVBJorvincc573NrmSNdhavmJBbHqJ6CXx5Q== rsa-key-20160901",
    ],
    // Pass any Custom Data here you need
    "CustomData": {
        "LastLogin": 134567,
    }
}

• html/ contains a sample for the browser to create crypted passwords
• run the sample server with npm start (might need npm install first)
• the sample backend server has two users: joe and smith

• Implement a local cache algorithm

1.0.0: First release