In my experience, when using passwd: nis files in nsswitch.conf, running
'passwd' actually uses the PAM stack to change the password then sets
the password against NIS as well. Admittedly this was with a Solaris
system and some time ago though, but maybe you need to try the other
direction? (i.e. get passwd/PAM to use NIS rather than get NIS/yppasswd
to use PAM)
Nate
Ted Beaton wrote:
Does anyone know how to force yppasswd to go through pam_cracklib.so? I am
building a small lan that can be classified or unclassified depending on
which set of removable drives are put in the machines. It's a convoluted
path that led me to this set up but the bottom line is, without
pam_cracklib.so I don't know how to enforce the required complexity of
passwords and I haven't been able to figure out how to get yppasswd to use
pam_cracklib.so. My understanding is yppasswd on the client just talks
directly to the NIS server which updates it's own password databases and it
bypasses pam completely. Or is there some other module or method by which I
can do this? My fall back is make it so no one can change the passwords but
me but I have a feeling the Defense Security Service would prefer it was
enforced by an application.
Ted
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
