On Fri, 22 Apr 2005, Ted Beaton wrote: > > > Jan Rekorajski wrote: > >On Fri, 22 Apr 2005, Ted Beaton wrote: > > > > > >>Does anyone know how to get NIS to use pam for password strength > >>checking and password aging? All I've been able to get it to do is use > >>pam for authentication/login. > > > > > >There is a 'nis' option to pam_unix.so, so you can just use pam on > >clients as usual, just tell pam_unix in password section to do the > >change via NIS. > > > >Jan > > Are you talking about the following line in the /etc/pam.d/system-auth > file? > > <<password sufficient /lib/security/$ISA/pam_unix.so use_authtok md5 > shadow nis>> > > My testing has shown that all this does is tell the client machine to > use the nis files on the nis server for authentication. Nope. I wrote this code, and all it does is change password via NIS. Authentication token retrieval and all that is done with nss_nis from glibc :) > When the user > on the client machine runs yppasswd to change their password, pam never > even gets involved. Don't use yppasswd, use normal passwd program. It will use YP call's (via PAM) to change the password if 'nis' option is present. Jan -- Jan Rękorajski | ALL SUSPECTS ARE GUILTY. PERIOD! baggins<at>mimuw.edu.pl | OTHERWISE THEY WOULDN'T BE SUSPECTS, WOULD THEY? BOFH, MANIAC | -- TROOPS by Kevin Rubio _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list