
problems with NIS/netgroups in potato



Today I upgraded a server from slink to potato - it's an internal
testing/intranet server. The upgrade went fairly well, but even though
I had done extensive tests on other servers first, I still came up
against problems.

The immediate problem on completing the upgrade of most packages was
that users were unable to log in via ssh using password
authentication. I thought this might be due to the new version of ssh,
but later, users accessing fileshares via Appletalk were unable to
authenticate either.

After a while, I realised the problem was down to NIS in some way. I
have one server (running slink currently) which has a central password
database shared via NIS (it does use shadow passwords). I also have a
netgroup specified, which contains users that are allowed to use the
intranet server.

Previously, the intranet server was set up as an NIS client, with the
following line in /etc/passwd

+@intra::::::

(similarly in /etc/shadow)

This allowed everyone in the intra group to be
authenticated. Somehow, the various upgrades to libc/nis etc. in
potato have broken this. I can still 'ypcat netgroup' and see the list
of users, but all attempts at logins via ssh or any other means
resulted in:

Aug 31 21:07:39 devon sshd[9063]: Failed password for xx

I solved the problem by explicitly naming each user in the password
files e.g.

+username::::::

Can anyone tell me if this problem can be fixed, or can I assume it
will be fixed when I upgrade my NIS master server to potato?

Thanks
-- 
Dafydd Tomos


