From: Doug Wyatt (dwyatt@kohlmansystems.com)
Date: Wed Feb 18 2004 - 00:20:14 EST
My thanks to Srinath Rajagopalan, Navin Jain and Praveen, for
their helpful and on-target responses.
The problem was on Dax, where I'd put a '*' in the password
field of the '+' entry. This is apparently recommended on Sun
and possibly Linux, to prevent passwordless logins with the
userid '+'. But on HP's, the '*' in the password field just
prevents logins for accounts deployed via NIS. Making the
change to the last entry in /etc/passwd, now '+::0:0:::',
enabled logins for the entries delivered to Dax via NIS.
Again, thanks!
Doug Wyatt
The Question:
>
> After several years of getting by without NIS on our HP-UX
> workstations, I'm now trying to get NIS into operation as
> our company shifts further over to the darkside - Microsoft.
>
> We need NIS working so that MS Services for Unix can map
> user and group names between HP-UX and Windows, so that the
> NFS exports from Windows can be accessed from HP-UX.
>
> Anyway, I've setup an NIS server on one HP, Titan HP-UX 11.0,
> and NIS client on another HP, Dax HP-UX 10.20. 'ypwhich -m'
> on Dax displays:
> auto.master titan
> vhe_list titan
> publickey.byname titan
> mail.byaddr titan
> netgroup.byhost titan
> netgroup.byuser titan
> mail.aliases titan
> netgroup titan
> protocols.byname titan
> protocols.bynumber titan
> servi.bynp titan
> services.byname titan
> rpc.byname titan
> rpc.bynumber titan
> networks.byaddr titan
> networks.byname titan
> hosts.byaddr titan
> hosts.byname titan
> group.bygid titan
> group.byname titan
> passwd.byuid titan
> passwd.byname titan
> ypservers titan
>
> Dax has a stripped-down /etc/passwd file, with +:*:*::: as
> the last entry. /etc/nsswitch.conf has 'passwd: compat'.
> I can list the passwd DB with 'ypcat -d ksrhpux -k passwd',
> on Dax. I can change a password for an account on Titan,
> from Dax. I can login as root on Dax and 'su - acct' for an
> account that is not in Dax's passwd file, but is shared via
> NIS from Titan.
>
> But I cannot login on Dax with any of the NIS provided passwd
> file entries, only with the ones that remain explicitly in
> its passwd file.
>
> It appears that NIS is not handling password authentication.
> Neither system is a trusted system.
>
> Anyone have any ideas what I need to fix?
>
--
---> Please post QUESTIONS and SUMMARIES only!! <---
To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
Name: hpux-admin@dutchworks.nl Owner: owner-hpux-admin@dutchworks.nl
Archives: ftp.dutchworks.nl:/pub/digests/hpux-admin (FTP, browse only)
http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse & search)
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 11:02:39 EDT