Sorry it took so long to get back to this. I was pulled off on another project. You were right though, not that that was any surprise to you ;-). I went back and did it again with a sniffer on it and it made the yp call. I'm not sure why that was failing before. I was also fooling around with pam_cracklib and password change requirements and maybe I was failing for other reasons. One thing I noted though was that nis only reads the first 8 characters of the password when authenticating. Is that something that can be set? The only other issue left from above is the password aging. Can that be done through pam? Thanks for setting me straight.

On Fri, 22 Apr 2005, Ted Beaton wrote:
Jan Rekorajski wrote:
On Fri, 22 Apr 2005, Ted Beaton wrote:
Does anyone know how to get NIS to use pam for password strength checking and password aging? All I've been able to get it to do is use pam for authentication/login.
There is a 'nis' option to pam_unix.so, so you can just use pam on clients as usual, just tell pam_unix in password section to do the change via NIS.
Jan
Are you talking about the following line in the /etc/pam.d/system-auth file?
<<password sufficient /lib/security/$ISA/pam_unix.so use_authtok md5 shadow nis>>
My testing has shown that all this does is tell the client machine to use the nis files on the nis server for authentication.
Nope. I wrote this code, and all it does is change password via NIS. Authentication token retrieval and all that is done with nss_nis from glibc :)
When the user on the client machine runs yppasswd to change their password, pam never even gets involved.
Don't use yppasswd, use the normal passwd program. It will use YP calls (via PAM) to change the password if the 'nis' option is present.
Jan
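
The password stack discussed in this thread, as an added example that is not part of the original messages or of Linux-PAM: a small Python check that flags a stack where `passwd` would skip the YP call or the strength check. The function names are hypothetical, and the sample is constructed: it assumes a pam_cracklib line ahead of the pam_unix.so line quoted above.

```python
import re

# Constructed sample: the pam_unix.so line quoted in the thread, preceded by a
# pam_cracklib line (an assumption; the thread only mentions experimenting with it).
SAMPLE = """\
password requisite  /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so use_authtok md5 shadow nis
password required   /lib/security/$ISA/pam_deny.so
"""

# Assumed list of modules that count as a strength check.
STRENGTH_MODULES = {"pam_cracklib.so", "pam_passwdqc.so", "pam_pwquality.so"}


def parse_password_stack(text):
    """Return [(control, module_basename, [args])] for each 'password' line."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        # Control is a simple word or a bracketed [value=action ...] list.
        m = re.match(r"password\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$", line)
        if m:
            control, path, args = m.groups()
            stack.append((control, path.rsplit("/", 1)[-1], args.split()))
    return stack


def audit_password_stack(text):
    """List problems that keep a NIS password change from being strength-checked."""
    findings, strength_seen, unix_seen = [], False, False
    for _control, module, args in parse_password_stack(text):
        if module in STRENGTH_MODULES:
            strength_seen = True
        elif module == "pam_unix.so":
            unix_seen = True
            if "nis" not in args:
                findings.append("pam_unix.so lacks 'nis': passwd makes no YP call")
            if not strength_seen:
                findings.append("no strength module before pam_unix.so")
            elif "use_authtok" not in args:
                findings.append("pam_unix.so lacks 'use_authtok': it may prompt "
                                "for a new password the strength module never saw")
    if not unix_seen:
        findings.append("no pam_unix.so line in the password stack")
    return findings


if __name__ == "__main__":
    print(audit_password_stack(SAMPLE) or "password stack OK")
```
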
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list