Hi Konrad,

This works...:^) Thanks.

This means, the libraries on Linux do not understand shadow passwords on NIS. Thus, if 
I want to use shadow passwords with a Linux Machine, I have to expose them to clients. 
There is a possibility that I could delete or hide the binary ypcat from allowing 
users to see it, but that does not disallow any of the users to compile their own 
version and retrieve sensitive information. Could this be classified as a security 

Has anyone tried compiling the bsd yp tools on linux, or tried to port them???


>>> Konrad Heuer <[EMAIL PROTECTED]> 03/10/03 19:50 PM >>>
On Mon, 10 Mar 2003, Neeraj Arora wrote:

> Hi Geeks, Girls and Guys,
> ...:^)
> I am having a little problem setting up a debian client to derive login data from a 
> freebsd nis server. There is no problem when the freebsd nis server interacts with 
> freebsd clients, but there is a problem when it interacts with a debian gnu/linux 
> client.
> The authentication works when I force a password in the /etc/passwd file on the 
> debian gnu/linux system. E.g.:
> +login_whatever:$1$blahblahblah:::::/bin/bash
> +::::::/bin/bash
> But, it does not work when the password has to be sourced from the nis server (viz. 
> a freebsd machine). I confirmed that both are communicating/operating on nis v2. And 
> moreover, the password on the freebsd server are stored in md5 too.
> So, I dont seem to understand what the problem may be.
> Any help will be great...:)
> Regards,
> Neeraj
> N.B.: I am a freebsd devotee and thus posting this to the
> freebsd-questions mailing list. I might try debian mailing lists too,
> but first here...:)

Look into /var/yp/Makefile for something looking like this:

# If you want to use a FreeBSD NIS server to serve non-FreeBSD clients
# (i.e. clients who expect the password field in the passwd maps to be
# valid) then uncomment this line. This will cause $YPDIR/passwd to
# be generated with valid password fields. This is insecure: FreeBSD
# normally only serves the master.passwd maps (which have real encrypted
# passwords in them) to the superuser on other FreeBSD machines, but
# non-FreeBSD clients (e.g. SunOS, Solaris (without NIS+), IRIX, HP-UX,
# etc...) will only work properly in 'unsecure' mode.

You probably have to set UNSECURE equal to True and to rebuild the maps.


Konrad Heuer ([EMAIL PROTECTED])  ____            ___  _______
GWDG                           / __/______ ___ / _ )/ __/ _ \
Am Fassberg                   / _// __/ -_) -_) _  |\ \/ // /
37077 Goettingen             /_/ /_/  \__/\__/____/___/____/

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Reply via email to