From owner-freebsd-questions  Thu Sep 17 09:36:51 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id JAA08060
          for freebsd-questions-outgoing; Thu, 17 Sep 1998 09:36:51 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from pau-amma.whistle.com (s205m64.whistle.com [207.76.205.64])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA08025
          for <freebsd-questions@freebsd.org>; Thu, 17 Sep 1998 09:36:44 -0700 (PDT)
          (envelope-from dhw@whistle.com)
Received: (from dhw@localhost)
	by pau-amma.whistle.com (8.8.8/8.8.7) id JAA16886;
	Thu, 17 Sep 1998 09:35:37 -0700 (PDT)
	(envelope-from dhw)
Date: Thu, 17 Sep 1998 09:35:37 -0700 (PDT)
From: David Wolfskill <dhw@whistle.com>
Message-Id: <199809171635.JAA16886@pau-amma.whistle.com>
To: bcrosby@eos.EAST.HITC.COM
Subject: Re: NIS Question.
Cc: freebsd-questions@FreeBSD.ORG
In-Reply-To: <36001999.D2644A1A@eos.east.hitc.com>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>Date: Wed, 16 Sep 1998 16:03:37 -0400
>From: Boris Crosby <bcrosby@eos.EAST.HITC.COM>

>I am new to FreeBSD and have a question on setting up NIS in a sun
>enviroment.  So far I have been able to get my system to see the maps.
>but I can't get users to login.  I mave the "+::::::::" in my password
>file as well as setup my rc.conf file.  Any help with this would be
>welcome.

OK.  The query should have been sent to freebsd-questions, rather than
freebsd-newbies, so I'm Cc:ing -questions.  (You had a Reply-To: that
specified your address, so -newbies was automatically excluded from
replies, by your request.)

The issue is that Sun's NIS implementation has the encrypted passwords
in the NIS passwd.byname & passwd.byuid maps; in contrast, the FreeBSD
approach is to merely have placeholders for the encrypted passwords in
those maps, and to have the encrupted passwords in some "special" maps.

These maps (master.passwd.byname & master.passwd.byuid) are "special" in
that:

* "Traditional" NIS implementations never used them, and thus, never
  look for information in them.

* Only processes running with an effective UID of 0 are permitted to
  access them (unless I got confused somewhere along the line).

There is a comment in the /var/yp/Makefile that addresses this:

# If you want to use a FreeBSD NIS server to serve non-FreeBSD clients
# (i.e. clients who expect the password field in the passwd maps to be
# valid) then uncomment this line. This will cause $YPDIR/passwd to
# be generated with valid password fields. This is insecure: FreeBSD
# normally only serves the master.passwd maps (which have real encrypted
# passwords in them) to the superuser on other FreeBSD machines, but
# non-FreeBSD clients (e.g. SunOS, Solaris (without NIS+), IRIX, HP-UX,
# etc...) will only work properly in 'unsecure' mode.
# 
#UNSECURE = "True"

david
-- 
David Wolfskill		UNIX System Administrator
dhw@whistle.com		voice: (650) 577-7158	pager: (650) 371-4621

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message