Hi,
on 19 Dec 1995 I asked if C2 and NIS were mutually exclusive under 2.0a.
Thanks to
Jonathan Rozes <jrozes_at_gumbo.tcs.tufts.edu>
Jon Eidson <eidson_at_unix4.is.tcu.edu>
Knut Hellebo <Knut.Hellebo_at_nho.hydro.com>
Jon Buchanan <Jonathan.Buchanan_at_ska.com>
who gave answers. I append the reply from Jon Buchanan. It basically
summarises what has be said so far and gives additional information
on setting up Enhanced Security and NIS together.
For our site, however, we chose to refrain from upgrading to Enhanced
Security and higher OS version until there are strong reasons to do so
(or until 4.1? :-). Till then we have to live with syslog "auditing".
Thanks again
Steffen.
> Hello Steffen,
>
> Having just returned from the Christmas break I only read your query
> about Enhanced Security and NIS today, but since I see you haven't
> posted a summary yet then perhaps you're still interested in replies.
>
> Enhanced Security and NIS is a no-go with OSF/1 v2.* - it was only
> supported with OSF/1 v3.0 and later. Having said that, it didn't work
> under 3.0 either unless you installed a whole bunch of patches, but I
> believe these were then incorporated into 3.2. In fact, we installed
> the patches and with a great deal of difficulty we eventually got NIS
> running under 3.0 with Enhanced Security.
>
> Something that's worth knowing is that an Enhanced Security NIS Slave
> cannot operate independently of the Enhanced Security NIS Master. This
> is because the prpasswd ('protected password') file is updated with
> every login attempt, and is only mastered on the NIS Master. In other
> words, there's no point having a Slave because it won't be able to
> function without the Master running. In order not to have a single
> point of failure we have devised a workaround for this, which is to have
> two Masters, but the workaround isn't supported by DEC.
>
> BTW, Enhanced Security does not necessarily equate to C2 unless you turn
> on auditing.
>
> If you decide to 'go for it' then let me know and I can send you a list
> of tips which may help.
>
> Regards,
> Jon Buchanan, Zuerich, Switzerland
> [ Jonathan.Buchanan_at_ska.com ]
Received on Wed Jan 03 1996 - 13:44:44 NZDT