NIS and PAM

Nathan Yocom nate at yocom.org
Sat Dec 25 11:54:02 UTC 2004


In my experience, when using passwd: nis files in nsswitch.conf, running 
'passwd' actually uses the PAM stack to change the password then sets 
the password against NIS as well.  Admittedly this was with a Solaris 
system and some time ago though, but maybe you need to try the other 
direction? (i.e. get passwd/PAM to use NIS rather than get NIS/yppasswd 
to use PAM)

Nate

Ted Beaton wrote:

>Does anyone know how to force yppasswd to go through pam_cracklib.so?  I am
>building a small lan that can be classified or unclassified depending on
>which set of removable drives are put in the machines.  It's a convoluted
>path that led me to this set up but the bottom line is, without
>pam_cracklib.so I don't know how to enforce the required complexity of
>passwords and I haven't been able to figure out how to get yppasswd to use
>pam_cracklib.so.  My understanding is yppasswd on the client just talks
>directly to the NIS server which updates it's own password databases and it
>bypasses pam completely.  Or is there some other module or method by which I
>can do this?  My fall back is make it so no one can change the passwords but
>me but I have a feeling the Defense Security Service would prefer it was
>enforced by an application.
>
>Ted
>
>_______________________________________________
>Pam-list mailing list
>Pam-list at redhat.com
>https://www.redhat.com/mailman/listinfo/pam-list
>  
>




More information about the Pam-list mailing list