Jens B. Jorgensen wrote: > > as the last line of /etc/passwd. Now, the Sun also has shadow passwords, > and it's NIS (NIS+ actually) is set up to handle this. To get it to > work I had to build the maps *with* passwd info included, like thus > on the sun: > > /usr/lib/nis/nisaddent -p -f /etc/passwd.net passwd
Hmm. That's an idea. I could run shadow and then build a non-shadow passwd file from which to update nis. That might work. How does one combine the passwords from /etc/shadow with the entries in /etc/passwd into a third file I wonder. This may be a job for a quick sh or perl script. I'll hack one together if no one has a better idea. > with the '-p' telling it to go ahead and include the password > field. I tried to use shadow in the maps, but no luck. NOTE: this > matters little anyway since NIS (as opposed to NIS+) will give up > *any* map to *anyone* who asks for it. Thus NIS exposes you to > the same problems as non-shadow passwords. Ooops, I didn't mention > it before but I *am* using shadow passwords on the debian box too. Not entirely true. If you set up /etc/ypserv.conf properly, normal users will get "shadowed" passwords from the ypcommands, but root will get the real entry. (There are comments in /etc/ypserv.conf on how to do it). Not quite completely secure, but better than nothing. e.g. root# ypmatch user passwd user:k9xUnxmXGdzGM:1000:100:Joe user:/home/user:/bin/sh root# su - user user% ypmatch user passwd user:x:1000:100:Joe user:/home/user:/bin/sh > I guess we'll just have to wait for the nis+ support coming with glibc. > Doh. I understand that someone is also working on an nis+ deiban package? I look forward to nis+ support in Debian too! Thanks! Behan -- Behan Webster mailto:[EMAIL PROTECTED] +1-613-224-7547 http://www.verisim.com/ -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
