They are authenticated using CRYPT passwords. i.e. Even after a user is
disabled in ipa, it's entry is still visible in ypcat passwd on the

On Wed, Jan 13, 2016 at 4:17 PM, Alexander Bokovoy <>

> On Wed, 13 Jan 2016, Prasun Gera wrote:
>> I think I've solved this. I don't know what or who enabled it, but for
>> some
>> reason the original NIS service (ypserv) was running on the server. That
>> was taking precedence over ipa's fake NIS, and causing problems. I have
>> now
>> deleted the maps and commented them out in the Makefile so that it doesn't
>> get enabled accidentally again.
>> I do see another problem though. In an attempt to clean up a lot of old
>> users, I have disabled them in the webui. This works for ipa clients and
>> access is denied, but the users can still log in on the old NIS clients.
>> Is
>> this a known limitation ?
> How they are authenticated on the NIS clients? FreeIPA does not provide
> shadow map.
> --
> / Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to