
Re: NIS, shadow, and pam?



Hello...

	I have a test radius server running on a NIS slave server (all machines
are RH 5.0).  The radius works fine.  Using shadow passwds on the NIS
master, radius will authenticate correctly if the config is (DEFAULT
Auth-Type = System ).  Using Auth-Type = Pam only works if on the NIS
master shadow passwds are NOT enabled.  With shadow passwds on the NIS
master all pam auths fail.  This is why I think it is a pam specific
problem ( or glibc ???).  So... Which module/lib actually talks to the
system to verify the sent password?  I really want to set my system this
way so I'm willing to spend the time to get this working.    
<more below>

Jason Pfeil wrote:
> 
> That's an interesting thought.  I hadn't seen much about YP and
> shadow...but I would prefer a "real" implementation (if such a beast
> exists).  By that I mean YP programs using /etc/shadow instead of
> /etc/passwd.  I stand with Jim here...I'd love to hear how it is
> implemented...so if anyone knows, I am asking for clarification here.  :)
> 
> On Tue, 19 May 1998, Jim Hebert wrote:
> 
> > I always hear varying things on this, so I'm going to stick my neck out
> > and someone either confirms or denies this. =)
> >
> > I've heard, on one hand, that "shadow" for YP is really not shadow in the
> > traditional sense, and that instead it's a trick in the library where it
> > check's who is asking for the password map from yp and if it's not root,
> > it sends it the user:*:.... looking map, while if it is root it will give
> > you the normal looking map with the passwords.

Correct me if I'm wrong, but I think what you might be referring to is
passwd_mangle....

# Host                     : Map              : Security   : Passwd_mangle
*                          : passwd.byname    : port       : yes
*                          : passwd.byuid     : port       : yes
*                          : shadow.byname    : port       : yes



> >
> > Then on the other hand I've actually seen threads where people were
> > running with /etc/shadow containing the passwords, and they were trying to
> > get that working.
> >
> > So, I dunno. How's that saying go? The best way to get information is to
> > post misinformation?
> >
> > =)
> >
> > jim
> >
> > --
> > [L]inux has an installed base conservatively estimated at around 3 million
> > users.... [V]endors say that most of the top companies in the US have bought
> > the OS - but that few will readily admit to running their multimillion-dollar
> > corporations on code put together by a band of software idealists. -- _Wired_
> >
> > On Tue, 19 May 1998, Christopher McCrory wrote:
> >
> > > Hello...
> > >
> > >     It seems that using pam and shadow passwds works.  Using pam and NIS
> > > works.  Using shadow, and NIS with pam does not.  Is someone working on
> > > this and if not where do I start?
> > >
> > > thanks
> > >
> > > --
> > >
> > > Christopher McCrory
> > > Lead Bithead, Netus Inc.
> > > chrismcc@netus.com
> > > admin@netus.com
> > >
> > > "Linux: Because rebooting is for adding new hardware"
> > >
> > > --
> > > To unsubscribe: mail -s unsubscribe pam-list-request@redhat.com < /dev/null
> > >
> >
> >
> >
> 
> -------------------------------------------------------------------------------
> Jason A. Pfeil, Computer Science System Administrator  120 Carothers Hall
> http://www.cs.fsu.edu/~pfeil                           Florida State University
> pfeil@cs.fsu.edu                                       (850)644-4019
> 

-- 

Christopher McCrory
Lead Bithead, Netus Inc.
chrismcc@netus.com
admin@netus.com

"Linux: Because rebooting is for adding new hardware"
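
The "root gets the real map, everyone else gets a masked one" behaviour discussed in this thread, modelled on the three ypserv.conf rules quoted above. This is an added example, not part of the original message and not ypserv's own code. The rule semantics (first matching rule wins, a source port below 1024 stands in for "root is asking", the hash field is replaced with "x", unmatched requests are served as-is) and the names `parse_rules`, `answer`, `SAMPLE` and the client address are assumptions for illustration.

```python
# Simplified model of a ypserv.conf "port" rule with Passwd_mangle (added example).
# Assumed semantics: first matching rule wins; only "*" style host patterns.
from fnmatch import fnmatch

YPSERV_CONF = """\
# Host : Map : Security : Passwd_mangle
* : passwd.byname : port : yes
* : passwd.byuid  : port : yes
* : shadow.byname : port : yes
"""

def parse_rules(text):
    """Return (host, map, security, mangle) tuples, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        host, ypmap, security, mangle = fields[:4]   # ValueError if too few fields
        rules.append((host, ypmap, security.lower(), mangle.lower() == "yes"))
    return rules

def answer(rules, client_ip, src_port, ypmap, entry):
    """Return the map entry as this client would receive it, or None if refused."""
    for host, rule_map, security, mangle in rules:
        if not (fnmatch(client_ip, host) and fnmatch(ypmap, rule_map)):
            continue
        if security == "none":
            return entry
        if security == "deny":
            return None
        if security != "port":
            raise ValueError(f"unsupported security type: {security}")
        if src_port < 1024:      # reserved port: sender is root on its own host
            return entry
        if not mangle:           # unprivileged port and no mangling: refuse
            return None
        fields = entry.split(":")
        fields[1] = "x"          # assumed mangle character; hides the hash field
        return ":".join(fields)
    return entry                 # assumed default: no matching rule, serve as-is

# Constructed sample entry; the hash is a placeholder, not a real crypt string.
SAMPLE = "alice:PLACEHOLDERHASH:10000:0:99999:7:::"
RULES = parse_rules(YPSERV_CONF)

if __name__ == "__main__":
    for port in (1023, 40000):
        print(port, answer(RULES, "192.0.2.10", port, "shadow.byname", SAMPLE))
```

In this model an unprivileged lookup of shadow.byname still succeeds but returns no hash, so a password check that needs to read the hash from the map only works when the query comes from a reserved port.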


