Re: shadow and nis
Behan Webster writes:
> For the life of me I can not seem to get nis to work with shadow
> passwords. I can get each to work seperately, but not together.
> Can anyone with experience with using these two together please
> explain how to set it up properly? I'm stumped.
Yes, apparently the clients don't bother to look up the shadow map (or maybe
there's a protocol error), the error messages are something like "user foo
doesn't have a password".
What I did was install shadow in _all_ machines. In the server, I put the
NIS source password & group files in /var/etc (remember to turn off rx
permission for others in that dir and adjust /var/yp/Makefile).
Then you have to configure /etc/ypserv.conf so that ypserv mangles the
encrypted password field in the passwd* maps if the client comes from a port >
1024.
Put + entries in the cilents' (and server) passwd & group files. You'll also
need a custom adduser, btw.
Some things that break under this setup:
* 'finger' appears not to like getting an 'x' instead of the encrypted
password ('finger -m foo' works, 'finger foo' only works if you're root).
* yppasswdd wasn't compiled with shadow support, so you can't use yppasswd to
change a user's password from your root shell (unless you recompile).
--
Adriano
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: