[K12OSN] NIS user authenticated OK but nothing works
Martin Woolley
sysadmin at handsworth.bham.sch.uk
Thu Oct 21 14:25:20 UTC 2004
On Tuesday 19 Oct 2004 8:32 am, Martin Woolley wrote:
> in a nutshell, only root is to be able to resolve the passwd maps through
yp.
> No regular user has access to them and as a consequence no one can change
> their password or indeed access any application that needs to resolve a uid
> to a uname. (eg open office, abiword, koffice, etc, etc).
SOLVED!
Problem is caused by these lines in the /etc/ypserv.conf :-
# Host : Domain : Map : Security
#
# * : * : passwd.byname : port
# * : * : passwd.byuid : port
To quote from Sarup 'You should do this [un-comment them] otherwise any user
on the network can say "ypcat passwd" and see the entire password database
exported by the NIS server, including the encrypted password. However, root
on the client machines will be able to view the encrypted password.' The
comments from the /etc/yp.serv file state that the above lines '...when
uncommented, will give you shadow like passwords. Note that it will not work
if you have slave NIS servers in your network that do not run the same server
as you.' This all implies that this is the way to go, BUT if you do then an
unprivaledged user cannot access the password map file and so their uid
cannot be translated to their uname.
The full saga can be read at http://www.openhgs.org/moin.cgi/NISNFS
--
Regards
Martin Woolley
ICT Support
Handsworth Grammar School
Isis Astarte Diana Hecate Demeter Kali Inanna
*************************************************************
This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity
to whom they are addressed. If you have received this email
in error please notify postmaster at bgfl.org
The views expressed within this email are those of the
individual, and not necessarily those of the organisation
*************************************************************
More information about the K12OSN
mailing list