|
|
Sponsored Content
Operating Systems
Solaris
Experience sharing and questions for NIS migration from Solaris 8 to Linux
Post 302996986 by bestard on Friday 5th of May 2017 01:32:53 AM
05-05-2017
Quote:
Just to add to the discussion
- AFAIK, Solaris 8 only supports password.adjunct, not shadow in nis
- password.adjunct is extremely weak security and only protects against users if they cannot become root on a client that can approach the NIS server
- passwd.adjunct works with both Solaris 8 and Linux clients.
- Solaris 8, when updated to the very latest levels supports TLS/LDAP as long as the LDAP server uses SHA1 certificates (TLS 1.0). This is not an easy feat, but it is possible
- AFAIK NIS will only work with DES56
- I do not think password aging is possible on Solaris in combination with NIS, since it does not support shadow over NIS.
- Solaris 8, even with the latest patches remains of course an insecure and outdated platform.
- On Linux "nis" does not need to be / cannot be specified in system-auth / password-auth in pam. This is handled by pam_unix.so, since authentication is client side.
I am less concerned with security things since there is no choice with those Solaris 8 clients which are out of maintenance. I'm just trying to find a perfect way to complete whole tasks, if not, I can live with that. I did far more than my boss wanted me to do. He should be glad from what I've done.
Based on your sharing, I might stick with using shadow for both platforms and it's compromised for pw hidden to ypcat and password aging though. But I can make a NIS user login to all hosts in the domain at least.
I might think about if it's possible to write a password aging checker for Solaris clients once I decide to enable NIS password aging at the next step.
Anyway, thank you all.
|
|
8 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hello all,
I am wondering if anyone had success with installing a redhat linux (PC box) on a Solaris NIS+ network. I have gotten information on how to do this but have been unsuccessful. The information that I have gotten is a little out dated and is not 100%. ... (0 Replies)
Discussion started by: larry
0 Replies
2. UNIX for Advanced & Expert Users
I am installing a NIS master server with a linux SLES 10 SP1. And it was pretty straight forward. (Simple since it GUI ) The server can bind to itself when issue with ypwhich command.
But on solaris 10 box, I set up the defaultdomain (/etc/defaultdomain) and also issue ypinit -c to startup the... (3 Replies)
Discussion started by: ibroxy
3 Replies
3. HP-UX
Hi eveyone
Ours is an application hosted on HP-UX 11 and we are trying to migrate the server to different flavour of UNIX. We are actually looking at the option of migrating it to Sun Solaris or Linux.
We are trying to evaulate the pros and cons of migrating our application to Solaris/Linux.... (6 Replies)
Discussion started by: turaga.krishna
6 Replies
4. Linux
Hi,
Currently I can able to access php script from solaris. I want to access from Linux
I have done the following things:
1) I have copied all the scripts from solaris to linux.
2) I have installed php,mysql,apache.
I tried with http://Hostname/username/test.php . This is not working .... (6 Replies)
Discussion started by: Mani_apr08
6 Replies
5. UNIX for Dummies Questions & Answers
Hi ,
I am gonna attend interview this week end for unix developer ( 4.5 years exp) opening .. Can you help me out the topics or the questions which I can expect in the interview. This is may be silly but it is very important to me. Thanks in Advance (5 Replies)
Discussion started by: arukuku
5 Replies
6. UNIX for Dummies Questions & Answers
Hello,
This is my first ever post on Unix anything :). I really am a total newb when it comes to Unix. I am fairly well versed in the Windows world though.
I have a project that I was pulled into which consists on migrating our Unix servers from authenticating with NIS, over to authenticating... (1 Reply)
Discussion started by: barcode2328
1 Replies
7. Shell Programming and Scripting
We are migrating some scripts (ksh) from Solaris 10 to Linux 2.6.32.
Can someone share list of changes i need to take care for this ?
Have found few of them but i am looking for a exhaustive list.
Thanks. (6 Replies)
Discussion started by: Shivdatta
6 Replies
8. Solaris
Based on the NIS migration tests I did and another question I posted earlier on.
https://www.unix.com/solaris/272021-solaris-8-md5-encryption-support.html
I tried to downgrade NIS linux encryption to DES to support solaris connection.
So I modified /etc/pam.d/system-auth as below,
password... (0 Replies)
Discussion started by: bestard
0 Replies
LEARN ABOUT SUNOS
yppasswd
yppasswd(1) User Commands yppasswd(1) NAME
yppasswd - change your network password in the NIS database SYNOPSIS
yppasswd [username] DESCRIPTION
The yppasswd utility changes the network password associated with the user username in the Network Information Service (NIS) database. If the user has done a keylogin(1), and a publickey/secretkey pair exists for the user in the NIS publickey.byname map, yppasswd also re- encrypts the secretkey with the new password. The NIS password may be different from the local one on your own machine. yppasswd prompts for the old NIS password, and then for the new one. You must type in the old password correctly for the change to take effect. The new password must be typed twice, to forestall mistakes. New passwords must be at least four characters long, if they use a sufficiently rich alphabet, and at least six characters long if mono- case. These rules are relaxed if you are insistent enough. Only the owner of the name or the super-user may change a password; superuser on the root master will not be prompted for the old password, and does not need to follow password construction requirements. The NIS password daemon, rpc.yppasswdd must be running on your NIS server in order for the new password to take effect. ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWnisu | +-----------------------------+-----------------------------+ SEE ALSO
keylogin(1), login(1), nis+(1), nispasswd(1), passwd(1), getpwnam(3C), getspnam(3C), secure_rpc(3NSL), nsswitch.conf(4), attributes(5) WARNINGS
Even after the user has successfully changed his or her password using this command, the subsequent login(1) using the new password will be successful only if the user's password and shadow information is obtained from NIS. See getpwnam(3C), getspnam(3C), and nsswitch.conf(4). NOTES
The use of yppasswd is discouraged, as it is now only a wrapper around the passwd(1) command, which should be used instead. Using passwd(1) with the -r nis option (see nis+(1)) will achieve the same results, and will be consistent across all the different name services avail- able. BUGS
The update protocol passes all the information to the server in one RPC call, without ever looking at it. Thus, if you type your old pass- word incorrectly, you will not be notified until after you have entered your new password. SunOS 5.10 28 Nov 2001 yppasswd(1)