Board index Unix Admin

HELP: NIS and shadow passwd under Solaris 2.5.x

HELP: NIS and shadow passwd under Solaris 2.5.x

Post by stealt » Mon, 23 Mar 1998 04:00:00



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am a jr sysadmin at a UNIX installation running Solaris 2.5-2.5.1
and IRIX 5.2-6.4. We are using NIS (plain NIS, not NIS+) servers,
master and slaves, on Sun stations.

The senior admin says he has had trouble getting shadow password to
work with the NIS setup. He said something about he can't get shadow
password to work on NIS in "distributed mode", or something like that.
Anyway, he seems to have given up on it.

Can anyone tell me what issues one must face when trying to
get password shadowing and NIS to work with Solaris 2.5 machines?

I think the NIS setup here is pretty basic. The password file that we
edit is in /var/yp/src, we do use the yppasswd command, root uses the
password file on each local machine, and all other users get their
password from /var/yp/src/passwd on the NIS master server.

I have gone to the Sun docs page, but have found little information on
shadow password under NIS.

If anyone can give me some advice as to where to get the right tools
and information, I'll greatly appreciate it. Thanks!

- --

http://value.net/~stealth
-----BEGIN PGP SIGNATURE-----
Version: PGP 5.5.5

iQA/AwUBNRXsKT5SiyYPiaHVEQJFkwCgtan9JbfxeHJPur7OUwJilclZh+MAnRN8
baFLyqXm3/TWHUyHVJVwZDea
=HVtg
-----END PGP SIGNATURE-----

 
 
 
Top

HELP: NIS and shadow passwd under Solaris 2.5.x

Post by Henry Won » Wed, 25 Mar 1998 04:00:00



> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1

> I am a jr sysadmin at a UNIX installation running Solaris 2.5-2.5.1
> and IRIX 5.2-6.4. We are using NIS (plain NIS, not NIS+) servers,
> master and slaves, on Sun stations.

> The senior admin says he has had trouble getting shadow password to
> work with the NIS setup. He said something about he can't get shadow
> password to work on NIS in "distributed mode", or something like that.

> Anyway, he seems to have given up on it.

> Can anyone tell me what issues one must face when trying to
> get password shadowing and NIS to work with Solaris 2.5 machines?

> I think the NIS setup here is pretty basic. The password file that we
> edit is in /var/yp/src, we do use the yppasswd command, root uses the
> password file on each local machine, and all other users get their
> password from /var/yp/src/passwd on the NIS master server.

   I'm assuming you are using AdminSuite to create a NIS user account
that resides on a remote NIS server.  Sun has admitted that their
AdminSuite product does not handle shadow file on Solaris because it's
designed originally for SUNOS and SUNOS doesn't have shadow file. The
workaround I can think of is to run "pwconv" on the NIS master after
adding a user.  This will synchronize the passwd and shadow files.  You
can write a shell script that will rlogin to the NIS server and run
pwconv.  You can specify the script as a post-add task in User Manager.

 
 
 
Top

HELP: NIS and shadow passwd under Solaris 2.5.x

Post by Sean Aaro » Tue, 31 Mar 1998 04:00:00



> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1

> I am a jr sysadmin at a UNIX installation running Solaris 2.5-2.5.1
> and IRIX 5.2-6.4. We are using NIS (plain NIS, not NIS+) servers,
> master and slaves, on Sun stations.

> The senior admin says he has had trouble getting shadow password to
> work with the NIS setup. He said something about he can't get shadow
> password to work on NIS in "distributed mode", or something like that.
> Anyway, he seems to have given up on it.

> Can anyone tell me what issues one must face when trying to
> get password shadowing and NIS to work with Solaris 2.5 machines?

To my knowledge shadow DOESN'T work under NIS, only under NIS+.  

--
Sean Aaron
Systems Administrator
The Dialog Corporation, plc.

 
 
 
Top

HELP: NIS and shadow passwd under Solaris 2.5.x

Post by Michael Martine » Wed, 01 Apr 1998 04:00:00





> To my knowledge shadow DOESN'T work under NIS, only under NIS+.  

It seems to me that you have to have NIS compiled into the kernel even if
you're not running ypbind
in order for the system calls that verify passwds to work, because I can
get shadow passwds to work on my machines that have NIS compiled even when
they aren't running ypbind, and cannot get them to work otherwise.

-mike

 
 
 
Top

1. changing passwd on NIS server updates /etc/shadow only and not shadow.byname map

Platform: Suse Linux Professional 9.1

Changing a passwd on an NIS client using the passwd command works
fine.  The /etc/shadow and shadow.byname map gets updated on the NIS
server machine.

However, changing a passwd on the NIS server using the passwd command
only updates the /etc/shadow file.  The shadow.byname map does not get
updated.  The only way I can think of to fix this is to set up a cron
job to periodically run
make -C /var/yp

I am using Thorsten Kukuk's pam_unix2.so module which is suppose to be
 "clever" enough to find out whether the account it's dealing with is
local or NIS but it does not appear to work.

Any idea what's wrong?

2. source for 'file' command?

3. Convert NIS passwd back to standard /etc/passwd & /etc/shadow

4. Help Me Choose A Complete Linux System!

5. Solaris 2.3 NIS+ Upgrade to Solaris 2.5 NIS+ Question!

6. Out Of Band, obselete?

7. NIS+ users can read shadow from nis+ passwd table

8. What GNU Tutorials would you attend?

9. Some trouble in Solaris passwd and shadow (NIS)

10. HELP: Linux with shadow passwd as NIS client for SUNOS 4.1.3

11. Secure NFS under Solaris 2.5/2.5.1 without NIS/NIS+ ?

12. Solaris 2.3 w/NIS+ Upgrade to 2.5 w/ NIS+ (Master Server)?

13. NIS+ (Solaris 2.5) / NIS Emulation for AIX 3.2.5


All times are UTC
Board index