Hello and sorry for the long delay, but I had to do some other staff in the

last two weeks.

Original situation and question:

My situation:

We are running a lot of hosts with SunOS 4.1.3 and a few hosts with Solaris2.3

In our environment we are using NIS ( still testing NIS+ ) and our

NIS master server is a SS10 running SunOS4.1.3.

What I try to do:

I only want to use the C2 security package to hide our encrypted passwords.

In a pure SunOS 4.1.3 environment this is no problem, e.g. we use it on

our students network.

But in my opinion this is a problem if I am using Solaris hosts in my NIS

domain. Because im my humble opinion the /usr/etc/rpc.pwdauthd daemon

is necessary to redirect the pwdauth and grpauth authentication requests

to the right file and nis maps *.adjunct. But this daemon program doesn't exist

on Solaris 2.3. So I think it is not possible to use the C2 security in

an environment with SunOS and Solaris machines, because on the Solaris NIS clients the user should not be able to login to his NIS account.

My question:

(1) Is it possible to use C2 on a SunOS4.1.3 NIS server with

    Solaris clients ?

(2) Is there another solution to hide the encrypted passwords with a

    SunOS 4.1.3 NIS server.

The solution to the above questions.

(1) Yes it is possible and it is trivial too.

    The C2 security package on SunOS4.1.3 works with Solaris 2.3 out of the box.

    You don't have to do anything on a Solaris 2.3 client.

    I tried this today and I had really no problems.

    For Solaris 2.2 there is a patch (101022-05). With this patch it

    should be possible too.

    I didn't test this because we are running Solaris2.3.

    

    

    

(2) It seems to be, that you can also use the Basic Security Module (BSM) on

     a Solaris 2.3 and Solaris 1.1 environment.

     BSM should be available for Solaris and SunOS.

     I didn't try this, because the first solution [ see (1) ] was everything

     I need.

The table of honour:

I got only two responses but it was exactly what I need.

Thanx to:

   Leonard Sitongia <sitongia@zia.hao.ucar.edu>, who gave me the information

   that it works out of the box.

   Butch Deal NRL <deal@ait.nrl.navy.mil>, who mentioned BSM.

   

Thanx,

     Torsten.