Summary [2] : Non C2 clients connecting to C2 + NIS server

From: CLAUDINE BERTHOUD (CBERTHOUD@proxis-services.fr)
Date: Tue Aug 27 2002 - 02:14:02 EDT

• Next message: John Peter Gormley: "Summary- Trucluster disable"
• Previous message: Zoong Pham: "SUMMARY: kill runaway telnetd processes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello,

Ann Majeske from hp has send this interesting information :

Using ldap should work, but you CAN connect to a Tru64 NIS server running
Enhanced Security from systems that are not running Enhanced Security
if you have things set up right. The only client systems that this may not
work with are ones running other vendor's versions of C2/Shadow password
or whatever.

You can set up the Tru64 Enhanced Security NIS server to put the password
in both the prpasswd and the passwd map by setting the u_newcrypt field to
3.
Here's the definition of the crypt values (from the
/usr/include/prot.h file):
#define AUTH_CRYPT_BIGCRYPT 0 /* index to use bigcrypt*/
#define AUTH_CRYPT_CRYPT16 1 /* index to use crypt16 */
#define AUTH_CRYPT_OLDCRYPT 2 /* index to use old crypt */
#define AUTH_CRYPT_C1CRYPT 3 /* index to use /etc/passwd
*/

I haven't worked out the exact steps, but to get the Enhanced Security
NIS server to serve the password in both the passwd and prpasswd map,
you'd have to do something like:
  - copy the current passwords from the prpasswd map to the passwd map
  and rebuild the passwd map (you might have a problem using the current
  passwords if you're not using the default crypt, so I'd test this
  with one or two passwords first). Or just require all your users to
  reset their passwords after you set u_newcrypt to 3.
  - edit the default database on the NIS master server to set the u_newcrypt
  field to 3.
I think that the Enhanced Security NIS master server will properly
handle password change requests from the non-Enhanced Security NIS
clients in this case, but you should check it.

Ann

CLAUDINE BERTHOUD wrote:
>
> Thank you to Ken Kleiner, Uwe Richter, Regis Carlier and Pat O'Brien.
>
> It seems you cannot connect to a runnig C2 security NIS server from a
non
> C2 client.
>
> Ken says that the best way to avoid using NIS autentication is to
implement
> ldap.
>
> Regards
> Claudine
>
> >
> > Hello,
> >
> > A Tru64 V5.1 NIS server is runnig C2 security.
> > No problem for connecting from a C2 client.
> > What should I do to be able to connect from a system which does not run
C2
> > security (Tru64, linux, Solaris, etc) ?
> > Regards
> >
> > Claudine Berthoud
> > Proxis-Services
> > Z.I. du Bois de l'Epine
> > 11, avenue Joliot Curie
> > BP 202
> > 91007 Evry Cedex
> > Tel : 01 69 77 95 27
> > e-mail : cberthoud@proxis-services.fr
> >

• Next message: John Peter Gormley: "Summary- Trucluster disable"
• Previous message: Zoong Pham: "SUMMARY: kill runaway telnetd processes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:48:50 EDT