We have set up an AIX 4.3.3 box as a NIS+ server and want to hang a
number of AIX 4.3.3 NIS+ clients from it. Authentication is working via
NISPLUS.
Login of NIS+ users on both clients and servers does not recognise the
password expiry fields in the NIS+ passwd.org_dir table. This is true
for all methods of login, including dtlogin, telnet, rlogin, login and
ftp.
NIS+ user authentication itself is functioning correctly and the
"nisdefaults" correctly shows that valid principal credentials have been
authenticated.
The /etc/security/user file's default stanza contains:
SYSTEM="NISPLUS"
registry=NISPLUS
The /usr/lib/security/methods.cfg contains the bos.net.nisplus provided
entry "NISPLUS".
Running "dtlogin -debug 3" shows that the system call "passwdexpired()"
returns return code 0, indicating that the password has NOT expired when
the following user shadow entry contains:
"11000:0:30:6:-1:-1:0"
The passwd lastchg field of 11000 is much older than the specified
MAXAGE of 30 days and as such should be expiring the password.
Testing has shown that the MINAGE field of the shadow column is also
being ignored.
However the Account Expire Date field in passwd.org_dir is being
honoured correctly!
We have a specific requirement for NIS+ account password expiry.
AIX oslevel = 4.3.3.0
bos.net.nisplus = 4.3.3.10
The latest AIX update CD (04/2000) has been applied. The workaround for
IY11461 re the /etc/security/user registry=NISPLUS has been implemented,
see above.
Can anybody please shed some light on this, perhaps explain why this is
happening? - am I doing something wrong etc?
Regards,
G.L. Bevan.
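
For reference, this is how the shadow value quoted in the post reads under conventional shadow(4) password-aging rules; it is an added example, not part of the original post and not AIX or NIS+ code. It assumes the field order lastchg:min:max:warn:inactive:expire:flag, and the function names and the day numbers passed as `today` are constructed for illustration.

```python
from dataclasses import dataclass

FIELDS = ("lastchg", "min", "max", "warn", "inactive", "expire", "flag")

@dataclass
class Aging:
    lastchg: int   # day of last password change (days since 1970-01-01)
    min: int       # MINAGE: days before the password may be changed again
    max: int       # MAXAGE: days the password stays valid
    warn: int      # days of warning before expiry
    inactive: int  # grace days after expiry before the account locks
    expire: int    # account expiry day (days since 1970-01-01)
    flag: int

def parse_shadow_column(col):
    """Split the colon-separated shadow column; an empty field becomes -1 (not set)."""
    parts = col.strip().strip('"').split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return Aging(*(int(p) if p.strip() else -1 for p in parts))

def password_state(col, today):
    """Return the aging conditions that apply on day `today` (assumed shadow(4) semantics)."""
    a = parse_shadow_column(col)
    state = set()
    if a.expire > 0 and today >= a.expire:
        state.add("account_expired")
    if a.lastchg == 0:
        state.add("must_change")          # change forced at next login
        return state
    if a.lastchg < 0:
        return state                      # no aging information recorded
    age = today - a.lastchg
    if a.max >= 0:
        if age > a.max:
            state.add("password_expired")
            if a.inactive >= 0 and age > a.max + a.inactive:
                state.add("inactive_locked")
        elif a.warn >= 0 and age >= a.max - a.warn:
            state.add("warn")
    if a.min > 0 and age < a.min:
        state.add("too_young_to_change")
    return state

ENTRY = "11000:0:30:6:-1:-1:0"            # shadow value quoted in the post
print(password_state(ENTRY, 11100))       # constructed "today", 100 days after lastchg
```

Day 11000 corresponds to 2000-02-13, so on any login date more than 30 days later these rules report the password as expired.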