I hav'nt tried under RHL9, I had it working under RHL8.
Make sure your clocks are synced. The nisplus client doesnt like a drift of more than 3 min.
-magnus
Tom Haws wrote:
Well, authenticating from my RHL9 client to a Solaris NIS+ master works now, but I'm darned if I know why. Just to close off this thread, here's what I did:
- downloaded and installed nis-utils from http://www.linux-nis.org - on the Solaris master:
/usr/lib/nis/nisclient -co my_rhl_client_name
- on the RHL9 client:
domainname my.domain.name. nisinit -c -H my_solaris_masters_name keylogin -r
- I could now do a niscat and see the NIS+ maps, but couldn't login as a NIS+ user
- this is the point that I posted my original question
- got one reply from Tom Cross (thanks!) saying use authconfig to enable NIS.
- I had already done that, but I used authconfig to turn on and off NIS support several times, neither way seemed to make a difference.
- on the RHL9 client, I compiled and installed pam_unix2.so, as per the instructions at http://www.linux-nis.org/nis-howto/HOWTO/nisplus.html
- but I didn't know where to put it in the /etc/pam.d files, so I posted another question to the pam-list (to which I recevied no replies)
- after much experimentation (ie blind guessing), this is what I ended up with for pam files:
/etc/pam.d/login:
#%PAM-1.0 auth required pam_securetty.so auth required /lib/security/pam_unix2.so set_secrpc auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session optional pam_console.so
/etc/pam.d/rlogin:
#%PAM-1.0 # For root login to succeed here with pam_securetty, "rlogin" must be # listed in /etc/securetty. auth required pam_nologin.so auth required pam_securetty.so auth required /lib/security/pam_unix2.so set_secrpc auth required pam_env.so auth sufficient pam_rhosts_auth.so auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth
/etc/pam.d/system-auth (I did not hand-edit this one, so I suspect my playing with authconfig made the changes):
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow nis
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
Nothing changed, until I rebooted, then magically it worked. Unfortunately my careful, methodical troubleshooting methods were long gone by then, and I was just shotgunning the changes because nothing was working, so I don't know what made it stick... perhaps the /etc/pam.d changes need a reboot? I don't know enough about Linux's authentication processes to know for sure.
Oh well, at least it works now. Hope this helps someone else out....
-Tom
-- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
