[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

MD5 passwords in NIS for multiple platforms

I'm currently trying to investigate what amount of work is required to
get multiple platforms to use md5 passwords with our current machines,
using NIS for password distribution.

What I want to do, is:

- Dstribute a md5 password map alongside the normal passwd.byuid and
  passwd.byname maps. This is trivial. How to get machines to use them
  is yet an unanswered question. 

  I'm afraid that it would require changing getpw* et. al. in libc,
  but I hope that I'm wrong. Maybe using the glibc md5 crypt() trick
  with LD_PRELOAD_PATH will work, and we could simply force ypbind
  clients to bind to a specified server depending on wheter or not
  they have full md5/PAM support. (We have ~40k users and ~100
  ypservers, so we'll need both maps during a transition period)

- Make the md5 passwords usable from Linux, Solaris, AIX, HP-UX, IRIX,
  Ultrix and OSF1

- The solution should preferably be compatible with something used
  elsewhere, and not a local hack of existing software.

It seems to me that what I need is a PAM port to the above mentioned
OSes, as well as a PAM module that does md5 password checking using
passwords from a nis map. I've found little information on what
software needs to be fixed on the machines, but I guess that it
atleast involves /bin/login and xdm. Less used features like ftp and
pop3 could be ran on servers that already have full PAM support.

Any information on how to solve the above mentioned problems would be
greately apreciated. If neccecary, I may devote some time to porting
existing software to other platforms.

Rune Frøysa, unix-drift
USIT - Centre for Information Technology Services
University of Oslo, Norway

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []