I'd look at /etc/nsswitch.conf, have it use NIS for passwd. I set up a
mail server like that, except with LDAP and Postfix. Postfix checks LDAP
for valid users and aliases. /etc/pam.d/{imap,pop} will use pam_ldap and
pam_unix. Everything else only uses pam_unix, so only administrators can
ssh in, for example. And /etc/nsswitch.conf is set to use LDAP and files
for passwd and shadow, to make everyone "real" users. An 'ls -l' of /home
shows everyone's homedir properly owned, and regular filesystem quotas
work for limiting mailbox sizes.
This is a single-domain system. This approach, of course, probably
wouldn't work with virtual domains.
At any rate, I hope this is useful. Let me know if you have more
questions.
On Wed, 27 Aug 2003, Jack Bates wrote:
> Thanks, that does work. I'd just rather not edit /etc/passwd. I'd
> prefer a solution like Exim's, which communicates directly with NIS. I
> gather there are no PAM modules which communicate directly with NIS?
>
> Jack
>
> > On Tue, 26 Aug 2003, Jack Bates wrote:
> >
> >> I don't use NIS for login. I run ypbind to enable SMTP authentication
> >> in Exim, which doesn't use PAM. I would now like to enable
> >> authentication via NIS in Cyrus IMAPd, which can be configured to use
> >> PAM. I can't figure out which module to use. Someone recommended
> >> pam_unix with the nis option, but I still can't authenticate as an NIS
> >> user who can't also login. Any suggestions?
> >
> > Does setting the shell to /bin/false work?
> >
> > --
> > Caution: Product will be hot after heating
>
>
> _______________________________________________
>
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list
>
>
--
Marshal Newrock, unemployed Linux user in Lansing, MI
Caution: Product will be hot after heating
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
