On Mon, 23 Oct 2017 08:29:30 +0300 Alexander Bokovoy via FreeIPA-users <[email protected]> wrote:
> On Sun, 22 Oct 2017, Harald Dunkel wrote:
>
> >My problem is, that authentication appears to be broken on
> >all NIS clients (2 AIX 6.1 hosts). The problem came up on
> >Friday, 2017-10-20 at about 10:00 or 11:00.
> I'd suggest reviewing configuration on those boxes. As I said, there is
> nothing in NIS protocol that could help you protecting the traffic with
> certificates so certificate changes wouldn't be affecting you.
>

I did a review on the weekend. I wasn't thinking about certificates to authenticate the traffic between NIS client and server, but between the "regular" freeipa and freeipa's NIS support. Seems like NIS is much deeper integrated in freeipa than I expected.

ypbind seems to work on AIX. ypcat -k passwd lists passwd entries without password hash. (AIX 6.1 does not support an /etc/shadow file, AFAICT, but the users are supposed to log in via ssh public key and .ssh/authorized_keys. This wasn't a problem in the past.)

The problem I have now is that apparently authentication gets stuck completely. Even root cannot log in on the console. To log in I had to boot AIX in maintenance mode and disable NIS first. If I enable NIS again, then no login is possible.

The AIX 7.1 hosts work fine (using LDAP and Kerberos). I never made LDAP/Kerberos work on AIX 6.1. Maybe I have to try harder to get rid of NIS completely.

Thanx for your support
Harri
