NIS interoperability with Linux, was Re: Following directions
doesn't seem to work: Adding users in NIS
sonicy at otenet.gr
Tue Oct 16 05:07:15 PDT 2007
Lowell Gilbert wrote:
> Manolis Kiagias <sonicy at otenet.gr> writes:
>> Olivier Nicole wrote:
>>>> Linux doesn't normally use master.passwd. If I recall correctly, it
>>>> uses /etc/shadow instead (but I don't have such a box at hand right now
>>>> to check). And yes, the internal format is different (and, again, I don't
>>>> remember details).
>>> If I am not wrong, NIS does not know anything about master.passwd or
>>> shadow, it has only passwd.byname passwd.byuid as password maps, both
>>> maps including password in them.
>> You are probably right, I don't remember the exact files right now, the
>> thing is the maps are not linux compatible, so if anyone has a NIS
>> Makefile for this, I'd be glad to get a copy. I already tried a patch I
>> found but was not successful.
> Don't patch anything. Just edit /var/yp/Makefile to remove the
> comment character from the UNSECURE line, rebuild, and you're done.
> This is fully explained inline in that file, as well as in the manual
> for ypserv(8).
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
I've read this the first time I tried and decided not to go with it.
The manual says:
"If you plan to use a FreeBSD system to serve non-FreeBSD
clients that have no support for password shadowing (which is
most of them), you will have to disable the password shadowing
entirely by uncommenting the UNSECURE=True entry in
Linux certainly uses password shadowing, and I can see in my debian
server maps passwd.byname and shadow.byname files
If I perform ypcat passwd.byname from a client I get the standard passwd
file with no passwords (exactly like /etc/passwd)
The encrypted passwords are in the shadow.byname map.
Now, if I understand correctly, the above solution would put the
passwords in the passwd.byname map, thus making the system less secure,
where in fact I should be able to make FreeBSD export a shadow.byname
map that would be compatible with Linux.
Am I missing something here / are my assumptions wrong?
More information about the freebsd-questions