[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-net
Subject:    Re: yp stuff
From:       Agus Budy Wuysang <fswmis () rad ! net ! id>
Date:       1998-03-30 9:13:20
[Download RAW message or body]

Thorsten Kukuk wrote:
> 
> If you couldn't login with a libc5 without NYS, this is correct. If you
> couldn't login with libc5 and NYS, your /etc/nsswitch.conf is wrong.
> In /etc/nsswitch.conf, you need: shadow: files nis.
> Read the NIS-HOWTO.

Yes, I have read NIS-HOWTO, before I install NIS :)

First I tried:
shadow: compat, but failed

Second I tried:
shadow: nis files
this won't work too (obviously with NYS libc5),

From server side I did ypserv -d and my yp client
did request shadow.byname but it still refused user
login other than root. (root password is in /etc/shadow
on local machine, ie. not NIS).

In client syslog:
[date/time] login: no shadow password for `username' on ttyX
[date/time] login: invalid password for `username' on ttyX

I don't have `username' directly listed in /etc/passwd,
that user is within netgroup map. (ie. +@netgroupname::::),
so the shadow suite/libc5+NYS did query the NIS server
about passwd map *and* did ask for shadow.byname (ypserv -d
confirmed this).

So which package do you think is the guilty one?

Yes I have recompiled my shadow suite with NYS libc5 beforehand.

I haven't tried:
shadow: files nis
but I think this should be the same case as my 2nd attempt.

> Ok, but you haven't read the ypserv documentation and manuals.
> Read the ypserv.conf.5 manual page and change the configuration in
> /etc/ypserv.conf.

I have read ypserv.conf man page, and I know what those
mapping, port, and mangling stuffs do :)

As expected only root can see the password field...

>  > So my current solutions:
>  > 1. run shadow suite on the client without libc5 NYS.
>  > 2. build ypserv passwd.byname/byuid database
>  >    by turning off shadow (pwunconv).
>  > 3. build ypserv shadow.byname database by turning
>  >    shadow on (pwconv).
>  > 4. run shadow suite on the server without libc5 NYS.
> 
> If you put the passwords in the paasswd maps, why building the
> shadow.byname map then ?

Well just in case the newer libc5/NYS (or shadow suite)
did look for shadow.byname and use its password field,
instead of the one in passwd.byname map. :)

> ypserv is only a very stupid program: You ask for a database entry,
> ypserv will send it to you if it has it. ypserv knows anything about
> passwords, shadow or so.
> It would be bad if we change this, not every system ypserv is running
> on has the same passwd format.
> If there is a x in the password field of the passwd map, the libc has
> to get the shadow entry for this user.
> libc5/NYS and glibc does this correct, libc5 without NYS and
> PAM/libpwdb not.

No for my libc5/NYS/shadow combination, it did ask for shadow.byname
but it won't use its password field... hmmm

-- 
+---| Netscape Communicator 4.x |---| Powered by Linux 2.0.x |---+
|/v\ Agus Budy Wuysang                   MIS Department          |
| |  Phone:  +62-21-344-1316 ext 317     GSM: +62-816-917-066    |
+--------| http://www.rad.net.id/users/personal/s/supes |--------+
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu

[prev in list] [next in list] [prev in thread] [next in thread]