[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM, nsswitch.conf, and tiny passwd files



Hello,

> 
> 
> Some (slightly off-topic) NIS and NIS+ questions
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> ....
> 
> >   I've looked at NIS & NYS, but they have their own problems.
> > (i.e. 'slammer', and linking everything against libnsl)
> 
> 
> 	Unfortunately I don't know nearly as much as I'll
> 	need to about NIS/NIS+
> 
> 	My questions:  Is it possible to configure NIS to map
> 	just UID/GID's (and to use DNS for hosts and Kerberos
> 	for authentication)?   When you say "linking everything"

NIS a service like DNS, you have to configure, if you wish to use
NIS for hosts or DNS, or at first NIS and then DNS or only DNS.
It depends on your libc, if you could configure this, how, and
if you use NIS passwords or Kerberos.

> 	space utilities)?  Does glibc provide these NIS extensions
> 	transparently?  (i.e. what pain do I cause if I use NIS
> 	on a Red Hat 5.x system with all the glibc updates?).

What do you understand with "NIS extensions transparently" ?
If you don't wish touse NIS, remove nis from /etc/nsswitch.conf
There is no pain in using NIS with RedHat 5.x and the glibc updates.

> 	Last I heard  Linux could only operate as NIS+ client
> 	and not as a "master" or "slave" server.  Is this still
> 	the case?   

Yes, since nobody will start to implement a rpc.nisd. It is hard
enough to develop the NIS+ client source, since there are a lot
of people who wish to use it, but nobody is able to track problems
down or make fixes. NIS+ is in alpha/beta stage, for some people it
works, for other not. I think this will changed if glibc 2.1 is
released and we have a Linux Distribuiton with glibc 2.1. But then
we will have in the first time the same problem like NIS with glibc 2.0,
not enough or the wrong people tests only the public available 2.1 snapshots.

> 	What is the difference between NIS with SRA (Wietse Venema's
> 	secure RPC authentication?) and NIS+?

I don't know NIS with SRA, but I think NIS with SRA is
a special hack which will not work with other Unixe.

> 	How does PAM fit into this?  Is PAM to the point where 
> 	it can have NIS modules plugged into it?  (I've been on this

With glibc2, you don't ned PAM to plug NIS modules in. glibc 2 has
the NSS switch, you say the libc in /etc/nsswitch.conf which service
to use.

  Thorsten

-- 
Thorsten Kukuk  kukuk@vt.uni-paderborn.de
                http://www-vt.uni-paderborn.de/~kukuk
Linux is like a Vorlon.  It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []