Hi
I have recently tried in vain to configure NIS with enhanced security on
my dec3000 server. I have followed the instruction given in the Network
Configuration manual on "Setting up the Master Server". What I did was
the following :
1. Copy all the relevant files from /etc, such as passwd, group,
services, hosts, protocols, rpc, networks, into the /var/yp/src directory.
2. invoke nissetup and does the following option :
a. Enter my NIS domain as staff.singnet.com.sg. I believe this does
not have to be the same as my dns domain name.
b. Choose my server as the
master server
c. run yppasswdd daemon as the option
d. enter the slave server
e. select the -S security option. Actually I am not sure what is this
for. Because I notice that it generate "ypbind:Secure mode sunos3.x
servers rejected." error when I run the yp daemon.
f. Disallow all ypset request.
g. Use all NIS databases.
h. Add the +: symbol at the end of /etc/passwd and /etc/group files.
h. Edit the svc.conf file to include yp for each database.
i. start nis.
After the nis setup, I used the XSysAdmin to create a new user in the
NIS. I notice an entry for the new account in the /var/yp/src/passwd
and /var/yp/src/prpasswd file. The passwd entry is * in the passwd file.
When I tried to su to the new account, the system complain Unknown id
error. When I tried to use the XIsso to change the passwd of the new
account, it prompt with a blank passwd dialog box which hang there for a
while and exit.
I also tried to use the yppasswd command to change the
passwd but it seem that I need to erase the "*" string in the passwd
file before the yppasswd command can change the passwd. But the
yppasswd command update the encrypted passwd into the passwd file which
I think is wrong. In enhance security, the encrypted passwd should be
in the prpasswd file.
I have also checked the /etc/auth/system/files file and the entry for
the prpasswd is as follows :
/var/yp/src/prpasswd:\
:f_type=r:f_mode#0660:f_owner=auth:f_group=auth:\
:chkent:
/var/yp/src/prpasswd\:o:\
:f_type=r:f_mode#0660:f_owner=auth:f_group=auth:\
:chkent:
/var/yp/src/prpasswd\:t:\
:f_type=r:f_mode#0660:f_owner=auth:f_group=auth:\
:chkent:
It seems that my system is not looking into the NIS database for
account. Appreciate very much if someone can help me out on this.
Thank you.
Have a nice day.
Regards
Chua Koon Teck
koonteck_at_singnet.com.sg
SingNet
URL="
http://www.singnet.com.sg/"
Singapore Telecom
Received on Mon May 22 1995 - 00:57:41 NZST