NIS interoperability with Linux, was Re: Following directions doesn't seem to work: Adding users in NIS

Manolis Kiagias sonicy at otenet.gr
Tue Oct 16 05:07:15 PDT 2007 

Lowell Gilbert wrote:
> Manolis Kiagias <sonicy at otenet.gr> writes:
>
>   
>> Olivier Nicole wrote:
>>     
>>>> Linux doesn't normally use master.passwd.  If I recall correctly, it
>>>> uses /etc/shadow instead (but I don't have such a box at hand right now
>>>> to check).  And yes, the internal format is different (and, again, I don't
>>>> remember details).
>>>>     
>>>>         
>>> If I am not wrong, NIS does not know anything about master.passwd or
>>> shadow, it has only passwd.byname passwd.byuid as password maps, both
>>> maps including password in them.
>>>
>>> Olivier
>>>       
>
>   
>> You are probably right, I don't remember the exact files right now, the
>> thing is the maps are not linux compatible, so if anyone has a NIS
>> Makefile for this, I'd be glad to get a copy. I already tried a patch I
>> found but was not successful.
>>     
>
> Don't patch anything.  Just edit /var/yp/Makefile to remove the
> comment character from the UNSECURE line, rebuild, and you're done.  
>
> This is fully explained inline in that file, as well as in the manual
> for ypserv(8).
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
>
>   
I've read this the first time I tried and decided not to go with it.
The manual says:
"If you plan to use a FreeBSD system to serve non-FreeBSD
clients that have no support for password shadowing (which is
most of them), you will have to disable the password shadowing
entirely by uncommenting the UNSECURE=True entry in
 /var/yp/Makefile."

Linux certainly uses password shadowing, and I can see in my debian
server maps passwd.byname and shadow.byname files
If I perform ypcat passwd.byname from a client I get the standard passwd
file with no passwords (exactly like /etc/passwd)
The encrypted passwords are in the shadow.byname map.

Now, if I understand correctly, the above solution would put the
passwords in the passwd.byname map, thus making the system less secure,
where in fact I should be able to make FreeBSD export a shadow.byname
map that would be compatible with Linux.
Am I missing something here / are my assumptions wrong?

More information about the freebsd-questions mailing list