[K12OSN] NIS user authenticated OK but nothing works

Martin Woolley sysadmin at handsworth.bham.sch.uk
Thu Oct 21 14:25:20 UTC 2004

On Tuesday 19 Oct 2004 8:32 am, Martin Woolley wrote:
> in a nutshell, only root is to be able to resolve the passwd maps through 
> No regular user has access to them and as a consequence no one can change
> their password or indeed access any application that needs to resolve a uid
> to a uname. (eg open office, abiword, koffice, etc, etc).

Problem is caused by these lines in the /etc/ypserv.conf :-
# Host                     : Domain  : Map              : Security
# *                        : *       : passwd.byname    : port
# *                        : *       : passwd.byuid     : port
To quote from Sarup 'You should do this [un-comment them] otherwise any user 
on the network can say "ypcat passwd" and see the entire password database 
exported by the NIS server, including the encrypted password. However, root 
on the client machines will be able to view the encrypted password.' The 
comments from the /etc/yp.serv file state that the above lines '...when 
uncommented, will give you shadow like passwords. Note that it will not work 
if you have slave NIS servers in your network that do not run the same server 
as you.' This all implies that this is the way to go, BUT if you do then an 
unprivileged user cannot access the password map file and so their uid 
cannot be translated to their uname.

The full saga can be read at http://www.openhgs.org/moin.cgi/NISNFS

Martin Woolley
ICT Support
Handsworth Grammar School
Isis Astarte Diana Hecate Demeter Kali Inanna
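
The effect described in the message above, as an added example (not part of the original post and not ypserv's own code): a small model of how the ypserv.conf Security field gates a map lookup. It assumes the first matching rule wins, a request matching no rule is allowed, and glob-style matching; the host, domain and port values are constructed.

```python
# Added illustration: models how ypserv.conf "Security" values gate a map lookup.
# Assumptions (not from the original post): first matching rule wins, a request
# matching no rule is allowed, and host/domain/map use glob-style matching.
from fnmatch import fnmatch

# Constructed sample: the lines quoted in the post, with the two rules uncommented.
SAMPLE_CONF = """\
# Host                     : Domain  : Map              : Security
*                        : *       : passwd.byname    : port
*                        : *       : passwd.byuid     : port
"""

def parse_rules(text):
    """Return (host, domain, map, security) tuples, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 4 or fields[3] not in ("none", "port", "deny"):
            raise ValueError(f"unrecognised rule: {line!r}")
        rules.append(tuple(fields))
    return rules

def allowed(rules, host, domain, mapname, src_port):
    """Decide whether a lookup of mapname from host:src_port would be answered."""
    for r_host, r_domain, r_map, security in rules:
        if fnmatch(host, r_host) and fnmatch(domain, r_domain) and fnmatch(mapname, r_map):
            if security == "none":
                return True
            if security == "deny":
                return False
            return src_port < 1024  # "port": only privileged source ports pass
    return True  # assumed default when no rule matches

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CONF)
    client = ("192.0.2.10", "example")  # constructed host and NIS domain
    # Only root can bind a source port below 1024, so root's lookups pass...
    print("root, port 1002:   ", allowed(rules, *client, "passwd.byuid", 1002))
    # ...while an ordinary user's process (high port) cannot resolve uid to name.
    print("user, port 40312:  ", allowed(rules, *client, "passwd.byuid", 40312))
    # Maps with no rule, such as group.byname, stay readable by everyone.
    print("user, group.byname:", allowed(rules, *client, "group.byname", 40312))
```

With the two rules left commented out, parse_rules returns an empty list and every lookup is allowed, which is the "ypcat passwd" exposure the quoted advice warns about.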
