SUMMARY: Any restrictions with NIS emulation mode?
From: Jeremy Jin _at_ Nucleus (_at_)
To: <firstname.lastname@example.org> Date: Wed, 8 Oct 2003 14:59:45 -0600
I got only one reply from Paul Kennedy who didn't give me a direct solution
but a debug point,
The NP stands for "No Privelege" and you need to run keylogin (on your NIS+
server) to deal with this problem.
Yes, what he said *NP* is the problem I have. Since NIS+ has security
restrictions, unauthorized clients won't be able to read some information
from NIS+ server. But NIS clients don't have this security feature, so my
Linux NIS client cannot read password from NIS server.
"keylogin" doesn't help for a NIS clients, actually NIS clients don't have
security feature. I read NIS+ Administration Guide and find a solution, run
the following command,
"nistbladm -u "passwd=na+r" passwd.org_dir.mydomain.com.
"nistbladm -u "shadow=na+r" passwd.org_dir.mydomain.com.
Then the Linux NIS client could read password from NIS+ server and the login
problem was solved. But of course, the NIS+ loses the important security
feature. Any unauthorized client could read the password now.
Not sure why, the Linux world doesn't like the security feature of NIS+. NIS
is more popular than NIS+ in Linux world.
I setup a Solaris machine as NIS+ server and a Linux computer as NIS+
client, I can login the NIS+ client without any problem.
Because NIS+ client for Linux is not so popular, so I tried to change it to
NIS client. At first, I run NIS+ server in NIS emulation mode, then I
followed all steps in NIS/NIS+ HOWTO to setup the NIS client.
(change /etc/nsswitch.conf, /etc/pam.d/login).
Then I run "ypcat passwd", it can show the passwd table. (but the password
filed is NP )
Then I run autofs, if I "cd /home/user-a", it can automaticly mount
But I can NOT login as a user whose name is in passwd table. This is the
only problem with my NIS client.
Error messages in /var/log/messages,
Oct 7 14:48:57 linux login(pam_unix): authentication failure;
logname= uid=0 euid=0 tty=pts/1 ruser= rhost=host-a user=user-a
Oct 7 14:48:59 linux login: FAILED LOGIN 1 FROM host-a FOR user-a,
I read carefully the NIS howto document and some other articles, I didn't
find anything wrong with my configuration. So I have to ask, is this problem
caused by NIS server instead of client?
I did find somebody ask the similar question (only the error message
different), but I didn't find any summary for that question, so I don't know
if that guy solved this problem.
Thanks in advance!
sunmanagers mailing list