[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Resolved (sorta): RHL9 NIS+ client to Solaris server



Well, authenticating from my RHL9 client to a Solaris NIS+ master works now, but I'm darned if I know why. Just to close off this thread, here's what I did:

- downloaded and installed nis-utils from http://www.linux-nis.org
- on the Solaris master:

/usr/lib/nis/nisclient -co my_rhl_client_name

- on the RHL9 client:

domainname my.domain.name.
nisinit -c -H my_solaris_masters_name
keylogin -r

- I could now do a niscat and see the NIS+ maps, but couldn't login as a NIS+ user
- this is the point that I posted my original question
- got one reply from Tom Cross (thanks!) saying use authconfig to enable NIS.
- I had already done that, but I used authconfig to turn on and off NIS support several times, neither way seemed to make a difference.
- on the RHL9 client, I compiled and installed pam_unix2.so, as per the instructions at http://www.linux-nis.org/nis-howto/HOWTO/nisplus.html
- but I didn't know where to put it in the /etc/pam.d files, so I posted another question to the pam-list (to which I recevied no replies)
- after much experimentation (ie blind guessing), this is what I ended up with for pam files:


/etc/pam.d/login:

#%PAM-1.0
auth       required     pam_securetty.so
auth       required     /lib/security/pam_unix2.so       set_secrpc
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so

/etc/pam.d/rlogin:

#%PAM-1.0
# For root login to succeed here with pam_securetty, "rlogin" must be
# listed in /etc/securetty.
auth       required     pam_nologin.so
auth       required     pam_securetty.so
auth       required     /lib/security/pam_unix2.so       set_secrpc
auth       required     pam_env.so
auth       sufficient   pam_rhosts_auth.so
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

/etc/pam.d/system-auth (I did not hand-edit this one, so I suspect my playing with authconfig made the changes):

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so
account     required      /lib/security/$ISA/pam_unix.so
password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow nis
password    required      /lib/security/$ISA/pam_deny.so
session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

Nothing changed, until I rebooted, then magically it worked. Unfortunately my careful, methodical troubleshooting methods were long gone by then, and I was just shotgunning the changes because nothing was working, so I don't know what made it stick... perhaps the /etc/pam.d changes need a reboot? I don't know enough about Linux's authentication processes to know for sure.

Oh well, at least it works now. Hope this helps someone else out....

-Tom

--
_______________________________________________________________________
Tom Haws               Manager, Systems Administration
trh timberline ca      Timberline Forest Inventory Consultants
Tel: (250) 562-2628    1579 9th Ave, Prince George, B.C. Canada V2L 3R8
Fax: (250) 562-6942    http://www.timberline.ca
_______________________________________________________________________






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]