[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: redhat nis client, freebsd nis server

Sorry, I posted from the wrong address _twice_.

-----Forwarded Message-----

From: Andrea Dell'Amico <adellam@sevenseas.org>
To: pam-list@redhat.com
Subject: Re: Re: redhat nis client, freebsd nis server
Date: 22 Nov 2002 22:21:01 +0100

On Fri, 2002-11-22 at 21:51, Greg Adams wrote:
> The ypmatch returned a line similar to what you put in your message, but
> the password is shadowed. After doing some more reading, it seems that
> Pam/RedHat doesn't support shadow passwords over nis, so I'm planning on
> changing the maps so the passwords aren't shadowed. Does this sound right?

You can make it work. I answered to your first mail but from a wrong
address, repost quoting your original message:

> I'm trying to set up a Redhat 7.2 machine to be an NIS client for a
> FreeBSD 4.6 NIS server. I get output from ypcat, ypwhich, but
> authentication always fails for nis profiles. I've already seen the
> posts about pam_unix.so, and have changed to pam_pwdb.so in pam.d's
> system-auth, login, rlogin, etc., with no success.

It shouldn't be necessary.

> I get the following error messages in my /var/log/messages on the RH
> system upon trying to ssh using an NIS profile named nistest, which
> a password of 8 plain characters:
> PAM_pwdb [11070]: authentication failure; (uid=0) -> nistest for sshd
> service

What kind of authentication are you using on the nis server?
Based on that you will need to change some parameters in
/etc/nsswitch.conf to use the "compat" maps (and add "+: at the end of
/etc/passwd and /etc/group) on the clients and maybe generate a
"shadow.byname" map on the nis server.

This is an example from my configuration:



passwd:     compat
shadow:     files nis
group:      compat






[adellam@altrove adellam]$ ypmatch adellam shadow.byname

If I were root, I would seen the encrypted password instead of the "x"

> Thanks for your info..
> Greg Adams

Andrea Dell'Amico - <mailto:adellam@sevenseas.org>

Sendmail may be safely run set-user-id to root.
                -- Eric Allman, "Sendmail Installation Guide"

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []