Enhanced Security and NIS

From: Gerfried J. Kumbartzki <kum_at_physics.rutgers.edu>
Date: Sun, 24 Mar 2002 15:54:48 -0500

Hi

Checking the archives did not give me an answer, only the impression that
not everything is smooth with NIS and Enhanced Security.
For too long I shunned C2. Here is my experience and my problem.
I admin some 20 Alpha systems, all running Compaq Tru64 Unix 5.1 (with
patches), mostly desktop machines.
Two sets of machines. The two sets are different in that they constitute
two separate NIS domains; each group has one master and the rest are
clients.

Domain ONE works as expected. Logins from any client are granted and
registered at the master. /var/tcb/files/auth.db is updated at the
master. edauth -g user returns the same on the master and client.

Domain TWO gives the headache. I can log in to the master as expected.
/var/tcb/files/auth.db is updated 'properly'.
If I try to log in from a client with the NIS passwd I get refused: Login
incorrect. The database /var/tcb/files/auth.db at the client was
updated and modified (u_numunsuclog# is incremented),
but not the /var/tcb/files/auth.db on the master. They are hopelessly
out of sync (different encrypted passwds). On the master, only the file
__db_lock.share is touched at the login attempt on the client.

NIS is running and set up as 'usually'. If NIS is stopped the behaviour
is also 'as expected'.
edauth does not let me modify the user entry; it does not know the users.
With NIS running it tells me to modify the users on the NIS master.

What is different in both setups? I looked at the System & Network
Management Documentation.
Security chapt. 9 talks at length about NIS and Enhanced Security and how
to set it up.

edauth -dd default

is, as far as I can tell, exactly the same on all systems.
I would like to know what it means in the docs:
Set the following fields:

     d_skip_success_login_log:
     d_skip_ttys_update:

when converting to C2.
On all my systems it is

d_skip_success_login_log@:
d_skip_ttys_update@:

But, that does not seem to make the difference.

I remember something about the order in which C2 and NIS are set up, but
do not remember its significance.

Since all clients on system TWO have the 'same' problem I'm tempted to
'blame' it on the master setup.
But fishing in the dark is no solution. Maybe somebody out there knows
the 'simple' fix.

I appreciate your patience

Gerfried


Received on Sun Mar 24 2002 - 20:55:02 NZST