Feature #16590
Updated by Peter Amstutz almost 4 years ago
This needs to be done via glibc NSS (Name Service Switch). This is a module that is loaded by glibc and configured systemwide, which allows customizing lookups on various fundamental system databases (in this case, passwd). For remote user database lookups, glibc supports NIS (Network Information Services, formally Sun Yellow Pages). However this is a really old standard sun-rpc based standard. Options The easiest way to do this include in 2020 seems to be via the systemd NSS module: https://systemd.io/USER_GROUP_API/ "Each subsystem that needs to define users and groups on the local system is supposed to implement this API, and offer its interfaces on a Varlink AF_UNIX/SOCK_STREAM file system socket bound into the /run/systemd/userdb/ directory." So the approach would be to create a service that listens on this socket and supports the appropriate protocol, looks up users in Arvados and responds appropriately. This could also creates the home directory on demand. Or avoid systemd and write our own module in Go https://github.com/protosam/go-libnss Combine with sshd AuthorizedKeysCommand which can look up the user's ssh public key on demand.