Hello managers,
Please excuse my late summary, and many thanks to Ken Krueger, whose reply was the only one that I got.
We're still trying to solve the problem with help from Digital.
Ken Krueger wrote:
We have a similar setup. The problem we uncovered is that when using C2,
user security information for accounts with uid's with values greater than
either the default 100 or what has been set by the command 'edauth -U uid',
will be located on the /var/tcb/files/auth.db file. Those with uid's less
than that will be stored in the /tcb/files/auth.db file. So as an example,
anytime a user (uid>100) has failed login attempts, the data is stored in
the var based auth.db file. When you try to distribute a common passwd file
via NIS, you get a mismatch of security info and NIS authentication unless
you also share the /var/tcb/files/auth.db file. Without the shared
/var/tcb/files/auth.db file, security violations on one client will not get
logged on the others. Therefore an attack on one client can continue on all
others until that account is disabled on every system. You lose a single
centralized security profile for that user. This causes problems in the
auth database in that each system's security profiles for users will begin
to drift.
I don't know exactly if this has any bearing on your problem, but may get
you started in the right direction.
Ken
+------------------------------------------------------------------+
Ken Krueger                          | Systems & Operations Manager
The Boeing Company - ELS - Delta IV  | (714) 896-6210
5301 Bolsa Avenue, M/S H011-B132     | FAX: (714) 372-0885
Huntington Beach, CA 92647-2099      | ken.krueger_at_boeing.com
+------------------------------------------------------------------+
Be nice to me or I'll tell my Uncle Freddie... Sweet dreams...
+------------------------------------------------------------------+
My original question was:
Hi managers,
The problem that we have is the following:
In our environment we have implemented enhanced security (C2) plus the
Yellow Pages (YP), and if we disconnect the network cable, or the YP server
is down, we cannot log in to any of the YP clients using local accounts.
In the configuration of the YP clients we have the search order like
local,yp.
Furthermore, we have done some tests and we know that if we only use the YP
without C2 we can log in to local accounts, so it looks like a problem with
mixing C2 + YP.
Has anyone had the same problem, and how can we solve it?
Thanks in advance,
Pedro Cunha
Systems Engineer
Decsis, Sistemas de Informação Lda.
Rua Pedro Hispano, 1329
4200 Porto
Portugal
Phone: +351 2 8349310
Fax: +351 2 8349319
WWW.DECSIS.PT
Received on Fri Feb 26 1999 - 18:14:45 NZDT
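The per-host drift Ken Krueger describes, as an added example that is not part of the original thread: a check that merges each client's failed-login state and flags accounts whose lockout is inconsistent across NIS clients. The record layout, host and user names, and the `MAX_TRIES` limit are constructed assumptions; this is not the real auth.db format, and the counts would have to be exported from each client's /var/tcb/files/auth.db by whatever means the site uses.

```python
from collections import defaultdict

UID_THRESHOLD = 100  # default from the post; changed with 'edauth -U uid'
MAX_TRIES = 5        # assumed lockout limit (hypothetical value)

# Constructed sample: (host, user, uid, failed_logins, locked), one row per
# client, as it might be exported from each /var/tcb/files/auth.db.
SAMPLE = [
    ("client1", "alice", 1201, 4, False),
    ("client2", "alice", 1201, 4, False),
    ("client3", "alice", 1201, 3, False),
    ("client1", "bob", 1202, 5, True),
    ("client2", "bob", 1202, 0, False),
    ("client3", "bob", 1202, 0, False),
    ("client1", "carol", 1203, 1, False),
    ("client2", "carol", 1203, 0, False),
    ("client1", "root", 0, 2, False),
]


def find_drift(records, max_tries=MAX_TRIES, threshold=UID_THRESHOLD):
    """Return {user: [issue, ...]} for accounts whose state differs by host."""
    per_user = defaultdict(dict)
    for host, user, uid, failed, locked in records:
        # Only uids above the threshold live in the per-host /var database.
        if uid > threshold:
            per_user[user][host] = (failed, locked)

    findings = {}
    for user, hosts in per_user.items():
        total = sum(failed for failed, _ in hosts.values())
        locked_on = [h for h, (_, locked) in hosts.items() if locked]
        issues = []
        # Locked on some clients but still usable on others.
        if locked_on and len(locked_on) < len(hosts):
            issues.append("partial_lock")
        # Combined failures reach the limit, yet no single client locked it.
        if not locked_on and total >= max_tries:
            issues.append("spread_failures")
        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    for user, issues in sorted(find_drift(SAMPLE).items()):
        print(user, ",".join(issues))
```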