Google for "passwd.adjunct".
This was Sun's solution to hide the pw crypts. But later they encouraged to replace NIS, first with NIS+ then with LDAP.
And please continue with sharing your results here
Sorry for delay response since I did some works to test passwd.adjunct.
I know passwd.adjunct is the Sun's solution to hide password encryption.
It's just I'm not sure if it can satisfy what I need.
My goals are,
1. NIS users can login from both Linux and Solaris clients.
2. hide password encryption from ypcat
3. be able to change NIS user passwords from any host in our domain.
4. password aging can be provided to NIS users.
From what I've done, it seems like there is no perfect way to do them all neither using shadow nor passwd.adjunct.
When using shadow,
1. NIS users can login from both Linux and Solaris clients.
2. In order to satisfy #1, "MERGE_PASSWD" in the /var/yp/Makefile has to be set to "true" while it dissatisfies #4. And, this makes ypcat can get pw encrypts.
3. be able to change NIS user passwords from any host in our domain.
4. conflict with #2.
When using passwd.adjunct,
1. NIS users can login from both Linux and Solaris clients.
2. pw encypts can be hid from ypcat.
3. can use yppasswd to change a NIS user pwd. However, it fails to use a NIS user to login NIS master. I' ll describe it later.
4. password aging needs the shadow file instead of passwd.adjunct. I'm not sure if it's right. I failed to test this issue, maybe something I missed.
---------- Post updated at 07:34 PM ---------- Previous update was at 05:50 PM ----------
As for passwd.adjunct, I did some works trying to fit my needs.
To make passwd.adjunct works, there are something need to be done on both server/client.
on the client:
1. Edit /etc/default/nss config and set ADJUNCT_AS_SHADOW=TRUE.
on the server:
1. Create the file /var/yp/securenets
2. check /etc/ypserv.conf for the following settings,
3. change /etc/sysconfig/yppasswdd settings,
4. set my environment hash variable to DES encryption.
setenv YP_PASSWD_HASH des
5. copy /etc/shadow and /etc/passwd to /var/yp, modify /var/yp/passwd format as below,
username:##username:.....
6. change /var/yp/Makefile setting,
7. After finishing settings, restart ypserv and yppasswdd services.
After those,
1. a NIS user can login from both Linux/Solaris clients.
2. only root can get user password encryption.
3. You can change a NIS user password using yppasswd from any client and re-login. But, it fails to re-login from the NIS master server.
I do more tests and find when I login to the NIS master as a NIS user, it is authenticated to the /etc/shadow instead of /var/yp/passwd.adjunct, and if I use yppasswd to change the user password, it fails to change the NIS passwd.
Then I use passwd to do it again, it succeeds, but only to change /etc/shadow.
I believe it results from the nsswitch.conf setting authentication only to files,
So, when I login as a NIS user, it authenticates through /etc/passwd and /etc/shadow.
It's rational settings cause this is NIS master server, and there is no way to set "nis" in front of "files" which will cause the ypserv issue.
From what I tested, this is a gap between /etc/shadow and passwd.adjunct that I don't know how to fix it.
4. Because of #3, I have no chance to test password aging from NIS master. chage/chfn/chsh change /etc/shadow instead of /var/yp/passwd.adjunct.
I'm at my wit's end with this. Does anyone have any idea?
Hello all,
I am wondering if anyone had success with installing a redhat linux (PC box) on a Solaris NIS+ network. I have gotten information on how to do this but have been unsuccessful. The information that I have gotten is a little out dated and is not 100%. ... (0 Replies)
I am installing a NIS master server with a linux SLES 10 SP1. And it was pretty straight forward. (Simple since it GUI ) The server can bind to itself when issue with ypwhich command.
But on solaris 10 box, I set up the defaultdomain (/etc/defaultdomain) and also issue ypinit -c to startup the... (3 Replies)
Hi eveyone
Ours is an application hosted on HP-UX 11 and we are trying to migrate the server to different flavour of UNIX. We are actually looking at the option of migrating it to Sun Solaris or Linux.
We are trying to evaulate the pros and cons of migrating our application to Solaris/Linux.... (6 Replies)
Hi,
Currently I can able to access php script from solaris. I want to access from Linux
I have done the following things:
1) I have copied all the scripts from solaris to linux.
2) I have installed php,mysql,apache.
I tried with http://Hostname/username/test.php . This is not working .... (6 Replies)
Hi ,
I am gonna attend interview this week end for unix developer ( 4.5 years exp) opening .. Can you help me out the topics or the questions which I can expect in the interview. This is may be silly but it is very important to me. Thanks in Advance (5 Replies)
Hello,
This is my first ever post on Unix anything :). I really am a total newb when it comes to Unix. I am fairly well versed in the Windows world though.
I have a project that I was pulled into which consists on migrating our Unix servers from authenticating with NIS, over to authenticating... (1 Reply)
We are migrating some scripts (ksh) from Solaris 10 to Linux 2.6.32.
Can someone share list of changes i need to take care for this ?
Have found few of them but i am looking for a exhaustive list.
Thanks. (6 Replies)
Based on the NIS migration tests I did and another question I posted earlier on.
https://www.unix.com/solaris/272021-solaris-8-md5-encryption-support.html
I tried to downgrade NIS linux encryption to DES to support solaris connection.
So I modified /etc/pam.d/system-auth as below,
password... (0 Replies)