From: "Neeraj Arora"
Date: Tue, 11 Mar 2003 13:24:15 +1100
Subject: Re: freebsd nis server with debian clients
Sender: owner-freebsd-questions@FreeBSD.ORG

Hi Konrad,

This works...:^) Thanks.

This means, the libraries on Linux do not understand shadow passwords on NIS. Thus, if I want to use shadow passwords with a Linux Machine, I have to expose them to clients. There is a possibility that I could delete or hide the binary ypcat from allowing users to see it, but that does not disallow any of the users to compile their own version and retrieve sensitive information.

Could this be classified as a security hole???

Has anyone tried compiling the bsd yp tools on linux, or tried to port them???
Regards,
Neeraj

>>> Konrad Heuer 03/10/03 19:50 PM >>>

On Mon, 10 Mar 2003, Neeraj Arora wrote:

> Hi Geeks, Girls and Guys,
>
> ...:^)
>
> I am having a little problem setting up a debian client to derive login data from a freebsd nis server. There is no problem when the freebsd nis server interacts with freebsd clients, but there is a problem when it interacts with a debian gnu/linux client.
>
> The authentication works when I force a password in the /etc/passwd file on the debian gnu/linux system. E.g.:
> +login_whatever:$1$blahblahblah:::::/bin/bash
> +::::::/bin/bash
>
> But, it does not work when the password has to be sourced from the nis server (viz. a freebsd machine). I confirmed that both are communicating/operating on nis v2. And moreover, the passwords on the freebsd server are stored in md5 too.
>
> So, I don't seem to understand what the problem may be.
>
> Any help will be great...:)
>
> Regards,
> Neeraj
>
> N.B.: I am a freebsd devotee and thus posting this to the
> freebsd-questions mailing list. I might try debian mailing lists too,
> but first here...:)

Look into /var/yp/Makefile for something looking like this:

# If you want to use a FreeBSD NIS server to serve non-FreeBSD clients
# (i.e. clients who expect the password field in the passwd maps to be
# valid) then uncomment this line. This will cause $YPDIR/passwd to
# be generated with valid password fields. This is insecure: FreeBSD
# normally only serves the master.passwd maps (which have real encrypted
# passwords in them) to the superuser on other FreeBSD machines, but
# non-FreeBSD clients (e.g. SunOS, Solaris (without NIS+), IRIX, HP-UX,
# etc...) will only work properly in 'unsecure' mode.
# UNSECURE = "True"

You probably have to set UNSECURE equal to True and to rebuild the maps.

Regards

Konrad Heuer (kheuer2@gwdg.de)
GWDG
Am Fassberg
37077 Goettingen
Germany
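
Added example, not part of the original thread: a small sh audit for the exposure discussed above, checking whether UNSECURE is active in a yp Makefile and which logins in a passwd-format map carry a real hash. The function names, the placeholder rules and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit a NIS server for hash exposure.
# On a real server: unsecure_enabled < /var/yp/Makefile
#                   ypcat passwd | exposed_logins

# Succeeds (exit 0) if the Makefile text on stdin contains an uncommented
# UNSECURE assignment, i.e. real hashes are written into the passwd maps.
unsecure_enabled() {
    grep -Eq '^[[:space:]]*UNSECURE[[:space:]]*='
}

# Reads passwd-format lines on stdin and prints each login whose password
# field is not a placeholder. Treated as placeholders (assumption): empty,
# "x", or anything starting with "*" or "!".
exposed_logins() {
    awk -F: '
        /^#/ || NF < 7 { next }          # comments, blanks, malformed lines
        $2 == "" || $2 == "x" { next }   # no hash stored in this field
        $2 ~ /^[*!]/ { next }            # masked or locked entry
        { print $1 }'
}

# Constructed sample data so the script runs offline.
sample_makefile() {
    printf '%s\n' '# UNSECURE = "True"' 'UNSECURE = "True"'
}
sample_map() {
    printf '%s\n' \
        'alice:$1$CONSTRUCTED$notARealHashValue000:1001:1001:Alice:/home/alice:/bin/sh' \
        'bob:*:1002:1002:Bob:/home/bob:/bin/sh' \
        'carol:*LOCKED*:1003:1003:Carol:/home/carol:/bin/sh'
}

if sample_makefile | unsecure_enabled; then
    echo "UNSECURE is set: passwd maps carry real password hashes"
fi
n=$(sample_map | exposed_logins | wc -l | tr -d ' ')
echo "logins with a hash visible to any NIS client: $n"
sample_map | exposed_logins
```

Every login the second function prints has its hash readable by any client that can query the map, so those are the accounts whose passwords should be treated as exposed to offline guessing.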