[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pam-list
Subject:    Re: Password Strength and Aging checking w/NIS
From:       Jan Rekorajski <baggins-pam () sith ! mimuw ! edu ! pl>
Date:       2005-04-22 18:31:12
Message-ID: 20050422183112.GS5552 () sith ! mimuw ! edu ! pl
[Download RAW message or body]

On Fri, 22 Apr 2005, Ted Beaton wrote:

> 
> 
> Jan Rekorajski wrote:
> >On Fri, 22 Apr 2005, Ted Beaton wrote:
> >
> >
> >>Does anyone know how to get NIS to use pam for password strength 
> >>checking and password aging?  All I've been able to get it to do is use 
> >>pam for authentication/login.
> >
> >
> >There is a 'nis' option to pam_unix.so, so you can just use pam on
> >clients as usual, just tell pam_unix in password section to do the
> >change via NIS.
> >
> >Jan
> 
> Are you talking about the following line in the /etc/pam.d/system-auth 
> file?
> 
> <<password sufficient /lib/security/$ISA/pam_unix.so use_authtok md5 
> shadow nis>>
> 
> My testing has shown that all this does is tell the client machine to 
> use the nis files on the nis server for authentication.

Nope. I wrote this code, and all it does is change password via NIS.
Authentication token retrieval and all that is done with nss_nis from glibc :)

> When the user 
> on the client machine runs yppasswd to change their password, pam never 
> even gets involved.

Don't use yppasswd, use normal passwd program. It will use YP call's
(via PAM) to change the password if 'nis' option is present.

Jan
-- 
Jan Rêkorajski            |  ALL SUSPECTS ARE GUILTY. PERIOD!
baggins<at>mimuw.edu.pl   |  OTHERWISE THEY WOULDN'T BE SUSPECTS, WOULD THEY?
BOFH, MANIAC              |                   -- TROOPS by Kevin Rubio

_______________________________________________
Pam-list mailing list
Pam-list@redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
[prev in list] [next in list] [prev in thread] [next in thread]