From owner-freebsd-questions@FreeBSD.ORG Tue Oct 16 12:07:15 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4A86F16A41A for ; Tue, 16 Oct 2007 12:07:15 +0000 (UTC) (envelope-from sonicy@otenet.gr) Received: from rosebud.otenet.gr (rosebud.otenet.gr [195.170.0.94]) by mx1.freebsd.org (Postfix) with ESMTP id E193813C45B for ; Tue, 16 Oct 2007 12:07:14 +0000 (UTC) (envelope-from sonicy@otenet.gr) Received: from atlantis.dyndns.org (athedsl-305194.home.otenet.gr [85.73.239.200]) by rosebud.otenet.gr (8.13.8/8.13.8/Debian-3) with ESMTP id l9GC7BkX000927 for ; Tue, 16 Oct 2007 15:07:12 +0300 Message-ID: <4714A96F.4080309@otenet.gr> Date: Tue, 16 Oct 2007 15:07:11 +0300 From: Manolis Kiagias User-Agent: Thunderbird 2.0.0.5 (X11/20070719) MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <20071015054707.GA34948@parts-unknown.org> <47138DE7.80800@otenet.gr> <20071015190846.GB86225@parts-unknown.org> <4713BF9F.3050803@otenet.gr> <20071015204022.GA76464@parts-unknown.org> <200710160126.l9G1QgdW082501@banyan.cs.ait.ac.th> <47143E1A.1080000@otenet.gr> <44myuj2sw1.fsf@Lowell-Desk.lan> In-Reply-To: <44myuj2sw1.fsf@Lowell-Desk.lan> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: NIS interoperability with Linux, was Re: Following directions doesn't seem to work: Adding users in NIS X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Oct 2007 12:07:15 -0000 Lowell Gilbert wrote: > Manolis Kiagias writes: > > >> Olivier Nicole wrote: >> >>>> Linux doesn't normally use master.passwd. If I recall correctly, it >>>> uses /etc/shadow instead (but I don't have such a box at hand right now >>>> to check). And yes, the internal format is different (and, again, I don't >>>> remember details). >>>> >>>> >>> If I am not wrong, NIS does not know anything about master.passwd or >>> shadow, it has only passwd.byname passwd.byuid as password maps, both >>> maps including password in them. >>> >>> Olivier >>> > > >> You are probably right, I don't remember the exact files right now, the >> thing is the maps are not linux compatible, so if anyone has a NIS >> Makefile for this, I'd be glad to get a copy. I already tried a patch I >> found but was not successful. >> > > Don't patch anything. Just edit /var/yp/Makefile to remove the > comment character from the UNSECURE line, rebuild, and you're done. > > This is fully explained inline in that file, as well as in the manual > for ypserv(8). > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > > I've read this the first time I tried and decided not to go with it. The manual says: "If you plan to use a FreeBSD system to serve non-FreeBSD clients that have no support for password shadowing (which is most of them), you will have to disable the password shadowing entirely by uncommenting the UNSECURE=True entry in /var/yp/Makefile." Linux certainly uses password shadowing, and I can see in my debian server maps passwd.byname and shadow.byname files If I perform ypcat passwd.byname from a client I get the standard passwd file with no passwords (exactly like /etc/passwd) The encrypted passwords are in the shadow.byname map. Now, if I understand correctly, the above solution would put the passwords in the passwd.byname map, thus making the system less secure, where in fact I should be able to make FreeBSD export a shadow.byname map that would be compatible with Linux. Am I missing something here / are my assumptions wrong?