- downloaded and installed nis-utils from http://www.linux-nis.org - on the Solaris master:
/usr/lib/nis/nisclient -co my_rhl_client_name
- on the RHL9 client:
domainname my.domain.name. nisinit -c -H my_solaris_masters_name keylogin -r
- I could now do a niscat and see the NIS+ maps, but couldn't login as a NIS+ user
- this is the point that I posted my original question
- got one reply from Tom Cross (thanks!) saying use authconfig to enable NIS.
- I had already done that, but I used authconfig to turn on and off NIS support several times, neither way seemed to make a difference.
- on the RHL9 client, I compiled and installed pam_unix2.so, as per the instructions at http://www.linux-nis.org/nis-howto/HOWTO/nisplus.html
- but I didn't know where to put it in the /etc/pam.d files, so I posted another question to the pam-list (to which I recevied no replies)
- after much experimentation (ie blind guessing), this is what I ended up with for pam files:
/etc/pam.d/login:
#%PAM-1.0 auth required pam_securetty.so auth required /lib/security/pam_unix2.so set_secrpc auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session optional pam_console.so
/etc/pam.d/rlogin:
#%PAM-1.0 # For root login to succeed here with pam_securetty, "rlogin" must be # listed in /etc/securetty. auth required pam_nologin.so auth required pam_securetty.so auth required /lib/security/pam_unix2.so set_secrpc auth required pam_env.so auth sufficient pam_rhosts_auth.so auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth
/etc/pam.d/system-auth (I did not hand-edit this one, so I suspect my playing with authconfig made the changes):
#%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so password required /lib/security/$ISA/pam_cracklib.so retry=3 type= password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow nis password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so
Nothing changed, until I rebooted, then magically it worked. Unfortunately my careful, methodical troubleshooting methods were long gone by then, and I was just shotgunning the changes because nothing was working, so I don't know what made it stick... perhaps the /etc/pam.d changes need a reboot? I don't know enough about Linux's authentication processes to know for sure.
Oh well, at least it works now. Hope this helps someone else out....
-Tom
-- _______________________________________________________________________ Tom Haws Manager, Systems Administration trh@xxxxxxxxxxxxx Timberline Forest Inventory Consultants Tel: (250) 562-2628 1579 9th Ave, Prince George, B.C. Canada V2L 3R8 Fax: (250) 562-6942 http://www.timberline.ca _______________________________________________________________________
-- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list