Date: Thu, 17 Sep 1998 09:35:37 -0700 (PDT) From: David Wolfskill <dhw@whistle.com> To: bcrosby@eos.EAST.HITC.COM Cc: freebsd-questions@FreeBSD.ORG Subject: Re: NIS Question. Message-ID: <199809171635.JAA16886@pau-amma.whistle.com> In-Reply-To: <36001999.D2644A1A@eos.east.hitc.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>Date: Wed, 16 Sep 1998 16:03:37 -0400 >From: Boris Crosby <bcrosby@eos.EAST.HITC.COM> >I am new to FreeBSD and have a question on setting up NIS in a sun >enviroment. So far I have been able to get my system to see the maps. >but I can't get users to login. I mave the "+::::::::" in my password >file as well as setup my rc.conf file. Any help with this would be >welcome. OK. The query should have been sent to freebsd-questions, rather than freebsd-newbies, so I'm Cc:ing -questions. (You had a Reply-To: that specified your address, so -newbies was automatically excluded from replies, by your request.) The issue is that Sun's NIS implementation has the encrypted passwords in the NIS passwd.byname & passwd.byuid maps; in contrast, the FreeBSD approach is to merely have placeholders for the encrypted passwords in those maps, and to have the encrupted passwords in some "special" maps. These maps (master.passwd.byname & master.passwd.byuid) are "special" in that: * "Traditional" NIS implementations never used them, and thus, never look for information in them. * Only processes running with an effective UID of 0 are permitted to access them (unless I got confused somewhere along the line). There is a comment in the /var/yp/Makefile that addresses this: # If you want to use a FreeBSD NIS server to serve non-FreeBSD clients # (i.e. clients who expect the password field in the passwd maps to be # valid) then uncomment this line. This will cause $YPDIR/passwd to # be generated with valid password fields. This is insecure: FreeBSD # normally only serves the master.passwd maps (which have real encrypted # passwords in them) to the superuser on other FreeBSD machines, but # non-FreeBSD clients (e.g. SunOS, Solaris (without NIS+), IRIX, HP-UX, # etc...) will only work properly in 'unsecure' mode. # #UNSECURE = "True" david -- David Wolfskill UNIX System Administrator dhw@whistle.com voice: (650) 577-7158 pager: (650) 371-4621 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809171635.JAA16886>