Resolved (sorta): RHL9 NIS+ client to Solaris server

Tom Haws <trh@xxxxxxxxxxxxx> · Fri, 19 Sep 2003 14:29:00 -0700

Well, authenticating from my RHL9 client to a Solaris NIS+ master works 
now, but I'm darned if I know why.  Just to close off this thread, 
here's what I did:

- downloaded and installed nis-utils from http://www.linux-nis.org
- on the Solaris master:

/usr/lib/nis/nisclient -co my_rhl_client_name

- on the RHL9 client:

domainname my.domain.name.
nisinit -c -H my_solaris_masters_name
keylogin -r

- I could now do a niscat and see the NIS+ maps, but couldn't login as a 
NIS+ user

- this is the point that I posted my original question

- got one reply from Tom Cross (thanks!) saying use authconfig to enable 
NIS.

- I had already done that, but I used authconfig to turn on and off NIS 
support several times, neither way seemed to make a difference.

- on the RHL9 client, I compiled and installed pam_unix2.so, as per the 
instructions at http://www.linux-nis.org/nis-howto/HOWTO/nisplus.html

- but I didn't know where to put it in the /etc/pam.d files, so I posted 
another question to the pam-list (to which I recevied no replies)

- after much experimentation (ie blind guessing), this is what I ended 
up with for pam files:

/etc/pam.d/login:

#%PAM-1.0
auth       required     pam_securetty.so
auth       required     /lib/security/pam_unix2.so       set_secrpc
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so

/etc/pam.d/rlogin:

#%PAM-1.0
# For root login to succeed here with pam_securetty, "rlogin" must be
# listed in /etc/securetty.
auth       required     pam_nologin.so
auth       required     pam_securetty.so
auth       required     /lib/security/pam_unix2.so       set_secrpc
auth       required     pam_env.so
auth       sufficient   pam_rhosts_auth.so
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

/etc/pam.d/system-auth (I did not hand-edit this one, so I suspect 
my playing with authconfig made the changes):

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so
account     required      /lib/security/$ISA/pam_unix.so
password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow nis
password    required      /lib/security/$ISA/pam_deny.so
session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

Nothing changed, until I rebooted, then magically it worked. 
Unfortunately my careful, methodical troubleshooting methods were long 
gone by then, and I was just shotgunning the changes because nothing was 
working, so I don't know what made it stick... perhaps the /etc/pam.d 
changes need a reboot?  I don't know enough about Linux's authentication 
processes to know for sure.

Oh well, at least it works now.  Hope this helps someone else out....

-Tom

--
_______________________________________________________________________
Tom Haws               Manager, Systems Administration
trh@xxxxxxxxxxxxx      Timberline Forest Inventory Consultants
Tel: (250) 562-2628    1579 9th Ave, Prince George, B.C. Canada V2L 3R8
Fax: (250) 562-6942    http://www.timberline.ca
_______________________________________________________________________

_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list