Sorry, I posted from the wrong address _twice_. -----Forwarded Message----- From: Andrea Dell'Amico <adellam@sevenseas.org> To: pam-list@redhat.com Subject: Re: Re: redhat nis client, freebsd nis server Date: 22 Nov 2002 22:21:01 +0100 On Fri, 2002-11-22 at 21:51, Greg Adams wrote: > The ypmatch returned a line similar to what you put in your message, but > the password is shadowed. After doing some more reading, it seems that > Pam/RedHat doesn't support shadow passwords over nis, so I'm planning on > changing the maps so the passwords aren't shadowed. Does this sound right? You can make it work. I answered to your first mail but from a wrong address, repost quoting your original message: > I'm trying to set up a Redhat 7.2 machine to be an NIS client for a > FreeBSD 4.6 NIS server. I get output from ypcat, ypwhich, but > authentication always fails for nis profiles. I've already seen the > posts about pam_unix.so, and have changed to pam_pwdb.so in pam.d's > system-auth, login, rlogin, etc., with no success. It shouldn't be necessary. > > I get the following error messages in my /var/log/messages on the RH > system upon trying to ssh using an NIS profile named nistest, which has > a password of 8 plain characters: > > PAM_pwdb [11070]: authentication failure; (uid=0) -> nistest for sshd > service What kind of authentication are you using on the nis server? Based on that you will need to change some parameters in /etc/nsswitch.conf to use the "compat" maps (and add "+: at the end of /etc/passwd and /etc/group) on the clients and maybe generate a "shadow.byname" map on the nis server. This is an example from my configuration: /etc/nsswitch.conf: .... passwd: compat shadow: files nis group: compat .... /etc/passwd: .... +:::::: /etc/group: .... +: [adellam@altrove adellam]$ ypmatch adellam shadow.byname adellam:x:11607:0:99999:7:-1:-1:134548660 If I were root, I would seen the encrypted password instead of the "x" character. > > Thanks for your info.. > > Greg Adams > -- Andrea Dell'Amico - <mailto:adellam@sevenseas.org> Sendmail may be safely run set-user-id to root. -- Eric Allman, "Sendmail Installation Guide" _______________________________________________ Pam-list@redhat.com https://listman.redhat.com/mailman/listinfo/pam-list
