Shim Internals

The Shim calls the existing Linux utilities, such as adduser and sudo, and so does not make any changes to your core operating system, PAM, or NSS. It's designed to never break or interfere with other system management tools.

Every poll period (ranging from every 90 seconds down to 5 seconds in Userify Enterprise), your nodes request their latest user lists and public keys, and then create the local user accounts using standard Linux tools.

Unlike a directory-backed service, this design is very reliable, because even if the connection fails or even if you remove the shim completely, your locally created user accounts are always accessible.

Hack on the shim at Github!

Curious as to how the shim code works? It's only about 450 lines of easy-to-read Python code. Review the code in a few minutes at Github and join us in making it better with your pull request.