Re: problem with nis and shadow
On Mon, 19 Jan 1998, Jens B. Jorgensen wrote:
> I also tried to set up shadow passwords with NIS and couldn't get it to work.
> I downloaded the libc source and could see that shadow passwords aren't
> implemented with regular NIS. It really isn't too surprising though since
> with regular NIS, it's easy for any machine on the network to get whatever
> maps it wants, therefore having "shadow" map doesn't really do you any good.
> Watch for this feature when NIS+ is supported (which supports
> authentication).
>
>
> --
> Jens B. Jorgensen
> jjorgens@bdsinc.com
After doing a lot more research it isn't supported under libc5 but is
supported in libc6. I decided to upgraed to hamm, (because my video card
was supported in the new version of xfree) and saw this note in the NIS
documentation. I haven't tried it yet but plan to soon.
Are there any other ways to securely share the password/shadow files over
multiple systems besides NIS? I was thinking of rcp'ing/secure rcp the
files over to the other machines once a day or so.
4. SHADOW PASSWORDS
The Linux libc5 does not support shadow NIS maps. If you are dependant
on libc5 applications, do not use shadow NIS maps. Instead you can use
the method below:
4.1 SHADOW-LIKE SECURITY
You can provide shadow-like security by "mangling"
the password for NIS lookups of pasword-file entries. Read the
manpage
for "ypserv.conf" and read the comments in the sample
/etc/ypserv.conf.
4.2 REAL SHADOW SUPPORT
Libc6 has real shadow support for NIS builtin. It works like you
would
expect; export the shadow map from the NIS server and just use it.
The shadow map should be built with the "-s" (secure) option to
makedbm. This is automatic in all modern /var/yp/Makefile files.
--
kaveh@idream.com
anything is possible except for skiing through a revolving door.
it's kinda fun to do the impossible
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: