
Re: redhat nis client, freebsd nis server



Sorry, I posted from the wrong address _twice_.

-----Forwarded Message-----

From: Andrea Dell'Amico <adellam@sevenseas.org>
To: pam-list@redhat.com
Subject: Re: Re: redhat nis client, freebsd nis server
Date: 22 Nov 2002 22:21:01 +0100

On Fri, 2002-11-22 at 21:51, Greg Adams wrote:
> The ypmatch returned a line similar to what you put in your message, but
> the password is shadowed. After doing some more reading, it seems that
> Pam/RedHat doesn't support shadow passwords over nis, so I'm planning on
> changing the maps so the passwords aren't shadowed. Does this sound right?

You can make it work. I answered your first mail, but from a wrong
address; reposting, quoting your original message:


> I'm trying to set up a Redhat 7.2 machine to be an NIS client for a
> FreeBSD 4.6 NIS server. I get output from ypcat, ypwhich, but
> authentication always fails for nis profiles. I've already seen the
> posts about pam_unix.so, and have changed to pam_pwdb.so in pam.d's
> system-auth, login, rlogin, etc., with no success.

It shouldn't be necessary.

> 
> I get the following error messages in my /var/log/messages on the RH
> system upon trying to ssh using an NIS profile named nistest, which has
> a password of 8 plain characters:
> 
> PAM_pwdb [11070]: authentication failure; (uid=0) -> nistest for sshd service

What kind of authentication are you using on the nis server?
Based on that you will need to change some parameters in
/etc/nsswitch.conf to use the "compat" maps (and add "+:" at the end of
/etc/passwd and /etc/group) on the clients and maybe generate a
"shadow.byname" map on the nis server.

This is an example from my configuration:

/etc/nsswitch.conf:

....

passwd:     compat
shadow:     files nis
group:      compat

....

/etc/passwd:

....
+::::::

/etc/group:

....
+:


[adellam@altrove adellam]$ ypmatch adellam shadow.byname
adellam:x:11607:0:99999:7:-1:-1:134548660

If I were root, I would have seen the encrypted password instead of the "x"
character.


> 
> Thanks for your info..
> 
> Greg Adams
> 


-- 
Andrea Dell'Amico - <mailto:adellam@sevenseas.org>

Sendmail may be safely run set-user-id to root.
                -- Eric Allman, "Sendmail Installation Guide"
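
A way to check that a client matches the configuration shown in the message above, as an added example that is not part of the original post. The function names and the ROOT argument (a directory prefix that holds `etc/`, empty for the live system) are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the NIS "compat" client setup described in the message.
# check_nis_compat ROOT  prints one line per check and returns 0 only if all pass.
# ROOT is a hypothetical prefix so the check can run against a copy of /etc.

# Print the source list configured for database $2 in nsswitch.conf file $1.
nss_sources() {
    sed -e 's/#.*//' "$1" | awk -v db="$2:" '$1 == db { $1 = ""; print; exit }'
}

# Succeed if file $1 has a compat wildcard entry, i.e. a line starting with "+:".
has_plus_entry() {
    grep -q '^[+]:' "$1"
}

check_nis_compat() {
    root=$1; rc=0
    nss="$root/etc/nsswitch.conf"
    # passwd and group must go through the compat service.
    for db in passwd group; do
        case " $(nss_sources "$nss" "$db") " in
            *" compat "*) echo "ok: $db uses compat" ;;
            *) echo "FAIL: $db is not set to compat in $nss"; rc=1 ;;
        esac
    done
    # shadow must list nis so the shadow.byname map is consulted.
    case " $(nss_sources "$nss" shadow) " in
        *" nis "*) echo "ok: shadow consults nis" ;;
        *) echo "FAIL: shadow does not list nis in $nss"; rc=1 ;;
    esac
    # compat only reaches NIS through the "+" entries in the local files.
    for f in passwd group; do
        if has_plus_entry "$root/etc/$f"; then
            echo "ok: + entry present in $root/etc/$f"
        else
            echo "FAIL: no + entry in $root/etc/$f"; rc=1
        fi
    done
    return $rc
}
```

Source the file and run `check_nis_compat ""` on the client to check the live `/etc`.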





