Date: Wed, 14 Oct 1998 11:13:46 -0400 (EDT) From: Dan Swartzendruber <druber@mail.kersur.net> To: freebsd-isp@FreeBSD.ORG Subject: a little gotcha with crypt() and NIS Message-ID: <Pine.BSF.3.96.981014110921.29812B-100000@mail.kersur.net>
next in thread | raw e-mail | index | archive | help
I found this out the hard way. Any NIS clients that use crypt() should have encryption configured the same was the the NIS servers. If you don't do this, then software that does the canonical "read a username, read the password for that user, do a getpwnam for that username, do a crypt() on the typed-in password, and compare the two" will fail. This happens because an NIS client doing getpwnam() will in fact fetch the password file entry from the NIS server, and the format of the password returned by crypt() on the local machine will not be the same as that returned by the server. This cost me some hair pulling trying to figure out why a newly installed Radius server was rejecting logins that were perfectly legitimate. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.981014110921.29812B-100000>