Date: Tue, 16 Oct 2007 15:07:11 +0300 From: Manolis Kiagias <sonicy@otenet.gr> To: freebsd-questions@freebsd.org Subject: Re: NIS interoperability with Linux, was Re: Following directions doesn't seem to work: Adding users in NIS Message-ID: <4714A96F.4080309@otenet.gr> In-Reply-To: <44myuj2sw1.fsf@Lowell-Desk.lan> References: <20071015054707.GA34948@parts-unknown.org> <47138DE7.80800@otenet.gr> <20071015190846.GB86225@parts-unknown.org> <4713BF9F.3050803@otenet.gr> <20071015204022.GA76464@parts-unknown.org> <200710160126.l9G1QgdW082501@banyan.cs.ait.ac.th> <47143E1A.1080000@otenet.gr> <44myuj2sw1.fsf@Lowell-Desk.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
Lowell Gilbert wrote: > Manolis Kiagias <sonicy@otenet.gr> writes: > > >> Olivier Nicole wrote: >> >>>> Linux doesn't normally use master.passwd. If I recall correctly, it >>>> uses /etc/shadow instead (but I don't have such a box at hand right now >>>> to check). And yes, the internal format is different (and, again, I don't >>>> remember details). >>>> >>>> >>> If I am not wrong, NIS does not know anything about master.passwd or >>> shadow, it has only passwd.byname passwd.byuid as password maps, both >>> maps including password in them. >>> >>> Olivier >>> > > >> You are probably right, I don't remember the exact files right now, the >> thing is the maps are not linux compatible, so if anyone has a NIS >> Makefile for this, I'd be glad to get a copy. I already tried a patch I >> found but was not successful. >> > > Don't patch anything. Just edit /var/yp/Makefile to remove the > comment character from the UNSECURE line, rebuild, and you're done. > > This is fully explained inline in that file, as well as in the manual > for ypserv(8). > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > > I've read this the first time I tried and decided not to go with it. The manual says: "If you plan to use a FreeBSD system to serve non-FreeBSD clients that have no support for password shadowing (which is most of them), you will have to disable the password shadowing entirely by uncommenting the UNSECURE=True entry in /var/yp/Makefile." Linux certainly uses password shadowing, and I can see in my debian server maps passwd.byname and shadow.byname files If I perform ypcat passwd.byname from a client I get the standard passwd file with no passwords (exactly like /etc/passwd) The encrypted passwords are in the shadow.byname map. Now, if I understand correctly, the above solution would put the passwords in the passwd.byname map, thus making the system less secure, where in fact I should be able to make FreeBSD export a shadow.byname map that would be compatible with Linux. Am I missing something here / are my assumptions wrong?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4714A96F.4080309>