Re: Sparc Solaris NIS client Linux NIS server
- From: dogdog@xxxxxxxxxxx
- Date: Sun, 11 Dec 2005 03:25:55 GMT
On Sat, 10 Dec 2005 17:49:28 +0000, Chris Cox wrote:
> dogdog@xxxxxxxxxxx wrote:
>> I'm cross posting this from comp.unix.solaris in hopes
>> that the linux admins can help or have had similiar
>> experience.
>>
>> Sunfire V240 Solaris 8 02/04. I've configured it as a
>> nis client. I logon as root (local account). Verify that it sees
>> the nis master (ypwhich), verified that it can cat the hosts file
>> (ypcat hosts), verified that it can see the passwd file (ypcat
>> passwd). These all work. I have also the ability to (when logged
>> in as root) su - <username> and become a user (whereas the user
>> is a NIS user with account information and home directory on the
>> Linux NIS server). What I cant do is logon via the CDE logon
>> screen. I get the "incorrect logon" error.
>>
>> I've ran ethereal to check the connection and the closest anomaly
>> I found was that when logging on the Solaris box via CDE it is not sending
>> the logon credentials to the Linux NIS server, therefore not getting a response
>> back that its a valid logon. Now, this isnt the end. I also ran
>> ethereal against a telnet session to the solaris box, and I did see
>> it send the username over the wire to the NIS server, but again
>> got an incorrect logon error.
>>
>> Has anyone seen this?? I'm thinking a patch or something since the
>> sparc is freshly built with no patches.
>
> NIS doesn't "send the username/password" over the wire, ... well
> not the way you make it sound. It merely looks them up out of
> the NIS tables available to the client (which do go across the
> wire or out of cache... which I don't recommend).
>
> We replaced our Solaris NIS server with a Linux one years ago.
> Everything works fine. Including logging on using CDE on those
> clients.
>
> Check your nsswitch.conf on your Solaris client.
I'll check over the nsswitch.conf and verify that its right. But
I'd differ on the not sending the information over the wire.
>From what I've seen on an ethereal dump its certainly sending
the username over and requesting verification, if this is a lookup
or not is basically unimportant since the information is on the
wire and is trying to verify
based on a NIS map and it is responding
back, I can verify if its the shadowed passwd or not but I believe
it may be. Its always been my understanding, other than the ability
to just simply ypcat passwd, that this is one of the inherent
insecurities with NIS. I can say that I did see the username
going in the clear.
Thanks for your input.
.
- Follow-Ups:
- Re: Sparc Solaris NIS client Linux NIS server
- From: dogdog
- Re: Sparc Solaris NIS client Linux NIS server
- From: Chris Cox
- Re: Sparc Solaris NIS client Linux NIS server
- From: Nico Kadel-Garcia
- Re: Sparc Solaris NIS client Linux NIS server
- References:
- Sparc Solaris NIS client Linux NIS server
- From: dogdog
- Re: Sparc Solaris NIS client Linux NIS server
- From: Chris Cox
- Sparc Solaris NIS client Linux NIS server
- Prev by Date: Re: What is the best way to copy datas from an old dying HDD to a new HDD?
- Next by Date: Re: Sparc Solaris NIS client Linux NIS server
- Previous by thread: Re: Sparc Solaris NIS client Linux NIS server
- Next by thread: Re: Sparc Solaris NIS client Linux NIS server
- Index(es):
Relevant Pages
|
