Date: Tue, 11 Mar 2003 13:24:15 +1100 From: "Neeraj Arora" <Neeraj.Arora@ems.rmit.edu.au> To: <kheuer2@gwdg.de> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: freebsd nis server with debian clients Message-ID: <se6de398.004@ems.rmit.edu.au>
next in thread | raw e-mail | index | archive | help
Hi Konrad, This works...:^) Thanks. This means, the libraries on Linux do not understand shadow passwords on = NIS. Thus, if I want to use shadow passwords with a Linux Machine, I have = to expose them to clients. There is a possibility that I could delete or = hide the binary ypcat from allowing users to see it, but that does not = disallow any of the users to compile their own version and retrieve = sensitive information. Could this be classified as a security hole??? Has anyone tried compiling the bsd yp tools on linux, or tried to port = them??? Regards, Neeraj >>> Konrad Heuer <kheuer2@gwdg.de> 03/10/03 19:50 PM >>> On Mon, 10 Mar 2003, Neeraj Arora wrote: > Hi Geeks, Girls and Guys, > > ...:^) > > I am having a little problem setting up a debian client to derive login = data from a freebsd nis server. There is no problem when the freebsd nis = server interacts with freebsd clients, but there is a problem when it = interacts with a debian gnu/linux client. > > The authentication works when I force a password in the /etc/passwd file = on the debian gnu/linux system. E.g.: > +login_whatever:$1$blahblahblah:::::/bin/bash > +::::::/bin/bash > > But, it does not work when the password has to be sourced from the nis = server (viz. a freebsd machine). I confirmed that both are communicating/op= erating on nis v2. And moreover, the password on the freebsd server are = stored in md5 too. > > So, I dont seem to understand what the problem may be. > > Any help will be great...:) > > Regards, > Neeraj > > N.B.: I am a freebsd devotee and thus posting this to the > freebsd-questions mailing list. I might try debian mailing lists too, > but first here...:) Look into /var/yp/Makefile for something looking like this: # If you want to use a FreeBSD NIS server to serve non-FreeBSD clients # (i.e. clients who expect the password field in the passwd maps to be # valid) then uncomment this line. This will cause $YPDIR/passwd to # be generated with valid password fields. This is insecure: FreeBSD # normally only serves the master.passwd maps (which have real encrypted # passwords in them) to the superuser on other FreeBSD machines, but # non-FreeBSD clients (e.g. SunOS, Solaris (without NIS+), IRIX, HP-UX, # etc...) will only work properly in 'unsecure' mode. # UNSECURE =3D "True" You probably have to set UNSECURE equal to True and to rebuild the maps. Regards Konrad Heuer (kheuer2@gwdg.de) ____ ___ _______ GWDG / __/______ ___ / _ )/ __/ _ \ Am Fassberg / _// __/ -_) -_) _ |\ \/ // / 37077 Goettingen /_/ /_/ \__/\__/____/___/____/ Germany To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?se6de398.004>