NIS passwd compatibility in Solaris 2.3
------------------------------
I haven't been able to get much response from Sun on this, sooo..
This worked under Solaris 2.2, but since I upgraded to Solaris 2.3, this is
not working correctly.
I wish to use the NIS (not NIS+) passwd map for selected users, and deny
everyone else access to the machine. I do this by putting..
+poffen::0:0:::/bin/csh
+basie::0:0:::/bin/csh
+kelly::0:0:::/bin/csh
+::0:0:::/bin/false
in /etc/passwd on the Sol 2.3 machine. My /etc/nsswitch.conf file looks like..
#
# /etc/nsswitch.nis:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses NIS (YP) in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the /etc/netconfig
# file contains "switch.so" as a nametoaddr library for "inet" transports.
# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd: compat
group: compat
# consult /etc "files" only if nis is down.
hosts: nis [NOTFOUND=return] files
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
ethers: nis [NOTFOUND=return] files
netmasks: nis [NOTFOUND=return] files
bootparams: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
netgroup: nis
automount: files nis
aliases: files nis
# for efficient getservbyname() avoid nis
services: files nis
sendmailvars: files
I can login fine (accepts my password), but it cannot find my home directory,
it gives..
REP@augusta 48>rlogin softbase
Password:
No directory! Logging in with home=/
Last login: Wed Feb 16 08:11:33 from augusta
Sun Microsystems Inc. SunOS 5.3 Generic September 1993
You have mail.
But the home directory IS mounted and available. The problem appears to be that
it is interpreting the GCOS field of the NIS passwd entry for the home
directory instead of the proper field. This is evidenced by saying..
softbase% cd ~poffen
Russ Poffenberger: No such file or directory
Is there a patch (I couldn't find anything obvious in the patch database. We
have only one patch installed so far, 101329-05, which we installed to make
clearcase work, the behavior is the same before and after the patch).
------------------------
Turns out there is a patch, 101448-01 that fixes the problem, here is the
README..
Patch-ID# 101448-01
Keywords: passwd compat mode fails
Synopsis: SunOS 5.3: Passwd compat mode fails.
Date: Dec/20/93
Solaris Release: 2.3
SunOS release: 5.3
Unbundled Product:
Unbundled Release:
Topic: SunOS 5.3: Passwd compat mode fails.
BugId's fixed with this patch: 1149161
After applying the patch, it worked as it should.
Thanks to the following people for their responses..
cfoley@arsenic.cray.com (Chuck Foley)
futzi@uni-paderborn.de (Michael Kutzner)
ianh@virgil.UK (Ian Herd - Sun UK - Answer Centre)
lbd@mhcnet.att.com (Leslie_B_Dreyer Kalra)
And especially to AROSSITE.US.ORACLE.COM (AROSSITE@us.oracle.com) who kindly
answered some other questions, particularly pointing out that in order for the
encrypted passwords to be picked up from NIS as well, the password field in
/etc/shadow must be empty.
Russ Poffenberger DOMAIN:poffen@San-Jose.ate.slb.com
Schlumberger Technologies ATE UUCP: {uunet,decwrl,amdahl}!sjsca4!poffen
1601 Technology Drive CIS: 72401,276
San Jose, Ca. 95110 Voice: (408)437-5254 FAX: (408)437-5246
