On Mon, 15 Oct 2007 22:29:35 +0300, Manolis Kiagias wrote:
> Well I can tell you with certainty, it is not compatible out of the box,
> and I have not managed to make it work (though I must admit I did not
> put a lot of effort into this). Seems the exported master.passwd map
> needs a filename change + internal changes, thus the NIS Makefile needs
> to be modified. On the Linux side, the users are visible (e.g. you can
> run id <username> and the user is there) but they cannot login.
> If you Google "FreeBSD NIS Server Linux Clients" you will get some
> patches for the NIS Makefile to make it Linux compatible. I was not
> however successful with this. If you do try it and get it to work,
> please report back.
Linux doesn't normally use master.passwd.  If I recall correctly, it
uses /etc/shadow instead (but I don't have such a box at hand right now
to check).  And yes, the internal format is different (and, again, I don't
remember details).

This conversion, however, sounds like an ugly hack.  I'm thinking a
*correct* (tm) solution would be a pluggable authentication module (pam)
that could interpret the master.passwd file properly.  This would also
depend on Linux supporting the cryptography method used to encrypt the
passwords (perhaps it does, but I'm not sure).

What I wasn't realizing was that NIS operated by simply propagating
versions of master.passwd (and maybe passwd); while this will certainly
be interoperable between FreeBSD (and I think OpenBSD) systems, it is
clearly a problem with Linux and probably other UNIX-like OS's.

David Benfell, LCP
Resume available at http://www.parts-unknown.org/
NOTE: I sign all messages with GnuPG (0DD1D1E3).

Attachment: pgpA6BTi4TWOA.pgp
Description: PGP signature

Reply via email to