Password Strength and Aging checking w/NIS
Jan Rekorajski
baggins-pam at sith.mimuw.edu.pl
Fri Apr 22 18:31:12 UTC 2005
On Fri, 22 Apr 2005, Ted Beaton wrote:
>
>
> Jan Rekorajski wrote:
> >On Fri, 22 Apr 2005, Ted Beaton wrote:
> >
> >
> >>Does anyone know how to get NIS to use pam for password strength
> >>checking and password aging? All I've been able to get it to do is use
> >>pam for authentication/login.
> >
> >
> >There is a 'nis' option to pam_unix.so, so you can just use pam on
> >clients as usual, just tell pam_unix in password section to do the
> >change via NIS.
> >
> >Jan
>
> Are you talking about the following line in the /etc/pam.d/system-auth
> file?
>
> <<password sufficient /lib/security/$ISA/pam_unix.so use_authtok md5
> shadow nis>>
>
> My testing has shown that all this does is tell the client machine to
> use the nis files on the nis server for authentication.
Nope. I wrote this code, and all it does is change password via NIS.
Authentication token retrieval and all that is done with nss_nis from glibc :)
> When the user
> on the client machine runs yppasswd to change their password, pam never
> even gets involved.
Don't use yppasswd, use normal passwd program. It will use YP call's
(via PAM) to change the password if 'nis' option is present.
Jan
--
Jan Rękorajski | ALL SUSPECTS ARE GUILTY. PERIOD!
baggins<at>mimuw.edu.pl | OTHERWISE THEY WOULDN'T BE SUSPECTS, WOULD THEY?
BOFH, MANIAC | -- TROOPS by Kevin Rubio
More information about the Pam-list
mailing list