[Freeipa-users] EXTERNAL: Re: NIS Compat Password Issues
Rob Crittenden
rcritten at redhat.com
Fri Apr 5 13:36:29 UTC 2013
Joseph, Matthew (EXP) wrote:
> My old NIS server we used shadow passwords.
> When I migrated my passwd nis file to IPA I'm assuming it also imported the part of the file that contains the "x" to point it towards a shadow file.
>
> Would I need to remove the "x" from the nis passwd file and re-migrate it to IPA?
> Is there a better way to get around this?
This is why I asked what nsswitch.conf looked like. IPA does not provide
the shadow map, so no passwords at all area available.
It is possible to add a shadow map, but it is unsecure and one of the
primary reasons people don't use NIS much any more.
What kind of client are you configuring, and do you need it to be pure NIS?
rob
>
> Matt
>
> -----Original Message-----
> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Joseph, Matthew (EXP)
> Sent: Friday, April 05, 2013 6:40 AM
> To: Rob Crittenden; freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat Password Issues
>
> Hey Rob,
>
> The passwd section of nsswitch.conf is the following;
>
> Passwd: files nis
>
> Matt
>
> -----Original Message-----
> From: Rob Crittenden [mailto:rcritten at redhat.com]
> Sent: Thursday, April 04, 2013 3:05 PM
> To: Joseph, Matthew (EXP); freeipa-users at redhat.com
> Subject: EXTERNAL: Re: [Freeipa-users] NIS Compat Password Issues
>
> Joseph, Matthew (EXP) wrote:
>> Hello,
>>
>> I've having issues with trying to login to our NIS clients that are
>> looking at IPA as a "NIS" Server.
>>
>> The NIS Client can view all of the usernames when I do a ypcat passwd
>> but when I try to login a with a user account it will not accept the
>> password. I've even tried setting it as simple as Password123 and
>> still nothing.
>>
>> I don't see anything NIS related in the error logs on the IPA server.
>>
>> Can someone point me in the right direction for this?
>
> What does your nsswitch.conf look like?
>
> Note that IPA does not provide the shadow map (because it sends hashes in the clear).
>
> rob
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
More information about the Freeipa-users
mailing list