I followed
https://www.freeipa.org/page/NIS_accounts_migration_preserving_Passwords in
order to migrate our NIS installation, and for the most part it worked. The
server responds to ypcat from the NIS clients, and users can log in.
However, I'm seeing a couple of weird issues. Normally, ypcat returns
"username:cryptpass:uid:gid:gecos:homedir:shell" for users and
authentication works fine. For new users that were added directly to IPA,
instead of the cryptpass, I see an asterisk (*), which is also
understandable. However, for a couple of migrated users, I'm seeing that
their cryptpasses have also been replaced with *s (in ypcat's output) over
the course of time. This creates problems for authentication on clients
that haven't been migrated, and they can't log in with their passwords.
These users didn't explicitly call kinit or go to the webui for migration.
Is it normal for the crypt passes to be replaced by *? I migrated a couple
of clients, and these users would have sshed to the migrated clients or
possibly to the server. That didn't seem to affect ypcat's behaviour
directly, and yet that is the only thing I can think of that has any
connection to this.

