I have a master + replica setup on RHEL 7.2 (ipa 4.2). When this was setup,
most of the clients were on NIS, and hence the nis compatibility and
migration mode was enabled. The NIS maps in use right now are passwd, group
and autofs. Passwords were set to CRYPT for this to work. I have managed to
join all the clients to ipa now. So I would like to disable the passwd
maps, or at least make them benign. I would also like to switch back to
SSHA for passwords, or whatever else is recommended. However, I don't want
to disable the other NIS maps yet. autofs doesn't work well on old clients
with sssd, and regularly gives trouble with new clients too. I think there
are some uses for the group map too. I think group and autofs aren't major
security issues right ?
How do I go about achieving this ? I have no experience with modifying ldap
files directly. If I have to modify files manually, do I have to do it on
the master and replica ?
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project