On Mon, 23 Oct 2017 08:29:30 +0300
Alexander Bokovoy via FreeIPA-users <freeipa-users@lists.fedorahosted.org> 
wrote:

> On Sun, 22 Oct 2017, Harald Dunkel wrote:
> 
> >My problem is that authentication appears to be broken on
> >all NIS clients (2 AIX 6.1 hosts). The problem came up on
> >Friday, 2017-10-20 at about 10:00 or 11:00.
> I'd suggest reviewing the configuration on those boxes. As I said, there is
> nothing in the NIS protocol that could help you protect the traffic with
> certificates, so certificate changes wouldn't be affecting you.
> 

I did a review on the weekend. I wasn't thinking about certificates to
authenticate the traffic between NIS client and server, but between
the "regular" freeipa and freeipa's NIS support. Seems like NIS is
much more deeply integrated in freeipa than I expected.

ypbind seems to work on AIX. ypcat -k passwd lists passwd entries 
without password hash. (AIX 6.1 does not support an /etc/shadow file, 
AFAICT, but the users are supposed to log in via ssh public key and 
.ssh/authorized_keys. This wasn't a problem in the past.)

The problem I have now is that apparently authentication gets stuck
completely. Even root cannot log in on the console. To log in I had
to boot AIX in maintenance mode and disable NIS first. If I enable
NIS again, then no login is possible.

The AIX 7.1 hosts work fine (using LDAP and Kerberos). I never made 
LDAP/Kerberos work on AIX 6.1. Maybe I have to try harder to get rid 
of NIS completely.


Thanks for your support
Harri