problems with NIS/netgroups in potato
Today I upgraded a server from slink to potato - it's an internal
testing/intranet server. The upgrade went fairly well, but even though
I had done extensive tests on other servers first, I still came up
against problems.
The immediate problem on completing the upgrade of most packages was
that users were unable to log in via ssh using password
authentication. I thought this might be due to the new version of ssh,
but later, users accessing fileshares via Appletalk were unable to
authenticate either.
After a while, I realised the problem was down to NIS in some way. I
have one server (running slink currently) which has a central password
database shared via NIS (it does use shadow passwords). I also have a
netgroup specified, which contains users that are allowed to use the
intranet server.
Previously, the intranet server was set up as an NIS client, with the
following line in /etc/passwd
+@intra::::::
(similarly in /etc/shadow)
This allowed everyone in the intra group to be
authenticated. Somehow.. the various upgrades to libc/nis etc in
potato has broken this. I can still 'ypcat netgroup' and see the list
of users, but all attempts at logins via ssh or any other means
resulted in:
Aug 31 21:07:39 devon sshd[9063]: Failed password for xx
I solved the problem by explicitly naming each user in the password
files e.g.
+username::::::
Can anyone tell me if this problem can be fixed, or can I assume it
will be fixed when I upgrade my NIS master server to potato?
Thanks
--
Dafydd Tomos
Reply to: