Sorry... That came out wrong. In order to prevent other machines from guesing your NIS domain name and dl'ing your shadow file you have to use NIS+.
On Thu, 25 Oct 2001, Eric J. Pinnell wrote: > to use encrypted passwords over NIS you have to use NIS+ which is a real, > real pain in the ass. > > -e > > > > On Thu, 25 Oct 2001, jay wrote: > > > er, i don't think solaris supports shadow passwords over NIS. > > neither does PAM, i believe. > > > > NIS between platforms is pretty much a huge pain in the ass unless > > the NIS master is a solaris box. > > > > =jay > > > > On Wed, 24 Oct 2001, John Hunter wrote: > > > > > > > > I am using solaris 8 as an NIS passwd and group client of an RHL 7.1 > > > ypserver. All the linux clients are happy, but I cannot log into the > > > solaris box with any of the ypserv-ed users. > > > > > > My first hurdle has been to remove md5 since I have learned this is a > > > source of incompatibility. I ran the program authconfig on the linux > > > server to deselect md5 passwords and then changed the password of one > > > of the users so it would be encrypted with the normal UNIX crypt, then > > > rebuilt the yp databases. I don't think there is anyway to convert > > > existing passwords, but I have few enough users that I can change the > > > passwords. > > > > > > This appears to work, when I look at /etc/shadow, all the old md5 > > > password entries start with $1$ and the new password entries look more > > > like conventional unix crypt strings. > > > > > > But I still can't log in as a user on the solaris box. > > > > > > ypcat on the solaris box shows the correct user/password entries (the > > > same ones that the linux clients get) so it is clearly recognizing the > > > ypserver. The passwd and group entries in nsswitch.conf look like: > > > > > > passwd: files nisplus nis > > > group: files nisplus nis > > > > > > (Anybody know if RHL 7.1 ypserv runs NIS or NIS+? The man pages seem > > > to indicate NIS but it is not conclusive. > > > > > > Sample output of 'ypcat passwd' on the solaris client looks like: > > > ace:~> ypcat passwd > > > user1:$1$P/DDWAP$POqXzO/iahjwAJNQJUdJ:503:1000::/home/user1:/bin/tcsh > > > user2:Jhsw3Jhd4Isjd:501:1000::/home/user2:/bin/tcsh > > > > > > user1 was created with md5 enabled and user2 after I disabled it. > > > > > > ace:~> ypcat group > > > guests:!:1001:user1,user2 > > > members:!:1000: > > > > > > /home is NFS mounted from the ypserver. > > > > > > I am running out of hypotheses about why this is failing. One > > > remaining idea is that the presence of any md5 passwords is causing > > > solaris to reject authentication of any of the users. Another is that > > > shadow passwords are causing some problem. Something with PAM on the > > > solaris box? Is there a problem with the user id range? I think > > > solaris makes the user IDs quite high. > > > > > > Any suggestions about where to look for logs on servers or clients, or > > > is there a debug mode? Right now I am not finding any information > > > about attempted connections, successful or otherwise, on either server > > > or host. > > > > > > Thanks (again), > > > John Hunter > > > > > > > > > > > > > > >
