vitalnix user management suite 3.2.0


Name

vitalnix -- user/group account management software

Description

The Vitalnix User Management Suite is a collection of programs and libraries that implement frontend access to databases storing UNIX user and group accounts.

History -- The task

A tool suite (now evolved into the Vitalnix Suite) was developed in 1997 at the Otto-Hahn-Gymnasium Göttingen, Germany, to import user descriptions from a text file dump from the secretary's office and make ready-to-use UNIX user accounts out of it, while taking existing accounts into account. The program updated the Unix passwd database with changes calculated from that external text file.

Database access has been modularized so that LDAP support would be easily possible; the tool suite has also gained many more programs that relate to the day-to-day administrative job in computer networks; predominantly in the educational sector, but as LDAP emerges as a common technology in any area, this tool suite will be helpful.

Authors

The original Perl scripts were created by Eike Teiwes in 1997-1999.

Jan Engelhardt picked them up in fall 1999, keeping them up to date (including rewriting the tool suite to get it to new levels), and is the current maintainer, reachable at jengelh@computergmbh.de.

I would like to thank the following people for their beta testing, suggestions and contributions over the years: Cordula Petzold, Cristoph Thiel, Eberhard Mönkeberg.

Limits of existing software

A lot of user account maintenance programs I have come across use NSS ("getpwent") for retrieving information and issue backend-specific (shadow, LDAP) commands for write operations, such as adding, modifying or deleting a user or group.

The standard NSS API is neither thread-safe nor multi-use safe (a single thread, but intertwined invocations of functions). The GNU libc thread-safe extensions do not cover all functions, for example setpwent(). Write support is totally absent from NSS -- libc has a mere putpwent() which requires a stdio file handle, which of course does not work with other storage methods such as LDAP or MySQL.

So most programs implement their own write handling, each coming with its own bulk of bugs, limitations or configuration files (and Vitalnix is surely no different). Gluing programs together requires a tremendous amount of time and often you just do not trust some programs when they ask for information that would normally not be required to perform a given task.
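
The multi-use problem and the stdio-only write path described above can be reproduced without touching the system databases. The following is an added example, not code from Vitalnix: it writes two constructed accounts (alice and bob, made-up names and IDs) to a temporary file with putpwent(), then reads them back with fgetpwent(), which shares the static-result behaviour of getpwent(). first_two_same_uid() is a hypothetical helper name.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes fgetpwent()/putpwent() in glibc */
#endif
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed sample accounts (made-up names and IDs), written with
 * putpwent(), which can only target a stdio FILE *. */
static FILE *make_sample_db(void)
{
    struct passwd rows[] = {
        { .pw_name = "alice", .pw_passwd = "x", .pw_uid = 1000, .pw_gid = 100,
          .pw_gecos = "Alice", .pw_dir = "/home/alice", .pw_shell = "/bin/sh" },
        { .pw_name = "bob", .pw_passwd = "x", .pw_uid = 1001, .pw_gid = 100,
          .pw_gecos = "Bob", .pw_dir = "/home/bob", .pw_shell = "/bin/sh" },
    };
    FILE *fp = tmpfile();
    for (size_t i = 0; fp != NULL && i < 2; i++)
        if (putpwent(&rows[i], fp) != 0) { fclose(fp); fp = NULL; }
    if (fp != NULL)
        rewind(fp);
    return fp;
}

/* Compare the UIDs of the first two entries. With copy_first == 0 the first
 * result pointer is kept across the second call (the unsafe pattern).
 * Returns 1 if the UIDs look equal, 0 if not, -1 on error. */
int first_two_same_uid(int copy_first)
{
    FILE *fp = make_sample_db();
    if (fp == NULL)
        return -1;
    struct passwd *first = fgetpwent(fp);
    uid_t saved = first ? first->pw_uid : (uid_t)-1;   /* private copy */
    struct passwd *second = fgetpwent(fp);  /* reuses libc's static storage */
    int same = -1;
    if (first != NULL && second != NULL)
        same = (copy_first ? saved : first->pw_uid) == second->pw_uid;
    fclose(fp);
    return same;
}

int main(void)
{
    printf("stale pointer: same=%d, private copy: same=%d\n",
           first_two_same_uid(0), first_two_same_uid(1));
    return 0;
}
```

With the stale pointer, two different accounts compare as the same UID, which is the kind of silent error an account-management tool cannot afford when it decides whose entry to modify or delete.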

Current project status

Vitalnix provides a library, libvxdb, which abstracts away the underlying storage mechanism and provides generalized methods of basic operations such as "add a user", modify, delete. With regard to user/group information retrieval, it is mostly equivalent to NSS, but is designed with thread-safety and multi-use safety in mind from the beginning. I consider the API and code to be rather clean compared to NSS and pwdutils.

Vitalnix is not the solution to everything. For example, it does not allow you to add arbitrary attributes to a user account, even if the underlying storage mechanisms could be adapted to do so. The primary focus is on providing a simple (ideally) API and tools to get a typical essential server system (e.g. Windows network logon with SMB) working.

The Vitalnix package is considered to be in beta stage. It works for what we do with it, but it has yet to see widespread usage.

Of course, there is a bit more than just libvxdb. SAMBA Logon Time Restriction and Print Accounting are two parts for example, which are not directly related to user management, but they were nonetheless needed.

Refer to the following subsections and the linked manpages for further reading.

Part 1 -- Basic setup of Vitalnix

(To be done)

Part 2 -- Basic user/group information

These tools are mostly equivalent to various system programs, except that they use the Vitalnix API for interacting with databases.

vxfinger(1) user information lookup
vxid(1) print user identity (UID/GID/groups)

Part 3 -- Basic user/group administration

These tools are equivalent to /usr/sbin/useradd and friends. They only operate on the common NSS fields, i.e. they do not handle Vitalnix-specific extensions like the Vitalnix Group Tag or Deferred Deletion. Use these when working with system accounts.

vxuseradd(8), vxusermod(8), vxuserdel(8), vxgroupadd(8), vxgroupmod(8), vxgroupdel(8)

Part 4 -- Auxiliary tools and helpers

A few helper programs which may be used from other scripts or programs at your option. They provide a program-based interface to the Vitalnix C API.

vxrandpw(1) Generating random passwords
vxtryauth(8) Interface to the PAM system authentication

Part 5 -- Tools for user/group synchronization

Synchronizing parts of the user database with an External Data Source (EDS, usually a text file) is an essential block of the Vitalnix Suite.

vxckuuid(8) Finding users whose UUID potentially needs correction prior to synchronization
vxfixuuid(8) UUID correction for users
vxusersync(8) User account synchronization
vxgroupbld(8) Group membership synchronization
vxpwlfmt(8) Password list prettyprinting -- conversion from simple list to magnificent documents
vxnewuser(8) Single-user addition with handling for Vitalnix-specific fields(!)
steelmill(8) Graphical user interface for vxusersync and vxpwlfmt (incomplete)

Part 6 -- Administrative library code

(To be done)

pam_ihlogon(8) Class-based login time restriction module for the PAM stack (Pluggable Authentication Modules)

Part 7 -- Vitalnix CGI programs

(To be done)

vxcgi_chpasswd(8) Set password
vxcgi_ntactiv(8) Reset SMBNT password to UNIX password
vxcgi_vwquota(8) Display DiskQuota

Part 8 -- Print accounting

(To be done)

lpacct_filter(8) Vitalnix print job analyzer
lpacct_scv(8) Vitalnix print job confirmator - CUPS backend
lpacview(8) PHP webscript for managing print jobs

Part 9 -- Database drivers

(To be done)

vxdrv_ldap(7) LDAP database driver
vxdrv_mmd(7) Multiple Module pseudo-driver
vxdrv_mysql(7) MySQL database driver
vxdrv_shadow(7) Shadow database driver (/etc/passwd)

Part 10 -- Vitalnix library API

(To be done)

libvxcgi(3) Helper functions for CGI programs
libvxcli(3) Helper functions for CLI-based programs
libvxcore(3) Really core functions; used by database drivers to register with libvxdb.
libvxdb(3) General Vitalnix API for interaction with user databases
libvxeds(3) Library for parsing External Data Sources
libvxmdfmt(3) Library for postformatting password lists (used by vxpwlfmt and steelmill)
libvxmdsync(3) Library for handling user synchronization
libvxutil(3) Various helper functions related to user management

Part 11 -- Vitalnix internal commands

Tools for inspecting and debugging Vitalnix and the user database.

vxdbdump(8) Dump contents of database
vxdbinfo(8) Information about database drivers