Re: shadow and nis
Jens B. Jorgensen wrote:
>
> as the last line of /etc/passwd. Now, the Sun also has shadow passwords,
> and it's NIS (NIS+ actually) is set up to handle this. To get it to
> work I had to build the maps *with* passwd info included, like thus
> on the sun:
>
> /usr/lib/nis/nisaddent -p -f /etc/passwd.net passwd
Hmm. That's an idea. I could run shadow and then build a non-shadow
passwd file from which to update nis. That might work. How does
one combine the passwords from /etc/shadow with the entries in
/etc/passwd into a third file I wonder. This may be a job for a
quick sh or perl script. I'll hack one together if no one has a
better idea.
> with the '-p' telling it to go ahead and include the password
> field. I tried to use shadow in the maps, but no luck. NOTE: this
> matters little anyway since NIS (as opposed to NIS+) will give up
> *any* map to *anyone* who asks for it. Thus NIS exposes you to
> the same problems as non-shadow passwords. Ooops, I didn't mention
> it before but I *am* using shadow passwords on the debian box too.
Not entirely true. If you set up /etc/ypserv.conf properly, normal
users will get "shadowed" passwords from the ypcommands, but root
will get the real entry. (There are comments in /etc/ypserv.conf
on how to do it). Not quite completely secure, but better than
nothing.
e.g.
root# ypmatch user passwd
user:k9xUnxmXGdzGM:1000:100:Joe user:/home/user:/bin/sh
root# su - user
user% ypmatch user passwd
user:x:1000:100:Joe user:/home/user:/bin/sh
> I guess we'll just have to wait for the nis+ support coming with glibc.
> Doh.
I understand that someone is also working on an nis+ deiban package?
I look forward to nis+ support in Debian too!
Thanks!
Behan
--
Behan Webster mailto:behanw@verisim.com
+1-613-224-7547 http://www.verisim.com/
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: