SUMMARY: NIS, PAM and an old question

Detlev Habicht (habicht@ims.uni-hannover.de)
Wed, 11 Feb 1998 14:25:07 +0100

Hi all!

My question was:

We have in the past some discussions about a solution to allow only
root login in a server, while running NIS.

The only solution was every time, to disable NIS for passwd in
/etc/nsswitch.conf (something like this: passwd: files ).

This has some disadvantages (we can only see the UIDs, problems
with samba and so on ...).

Well, now i get a hint, that Solaris 2.5.1 is delivered with PAM.
(I know, Solaris 2.6 has also PAM and it has some docs).

Solaris 2.5.1 has no docs for PAM, i think.

My question now is:

Is there any PAM configuration for Solaris 2.5.1 to allow only root login
to the host while running NIS?

Which PAM module uses only /etc/passwd for authentification?

Well, old question - old solution:

I change passwd in nsswitch.conf to:

passwd: compat

And i add a line to /etc/passwd:

+:*:::::

Running pwconv and it works now.

I get no hints for a PAM solution.

I don't know my mistake in former times. I tried it nearly in the
same way ... :-} . But i think, it is very important to use only the
passwd-line for NIS. For NIS+ is a second line passwd_compat necessary.

Thanx to:

Mike Blandford <mikey@NMSU.Edu>
"Mark A. Baldwin" <mark.baldwin@aur.alcatel.com>
Job Bogan <job@piquin.uchicago.edu>
Casper Dik <casper@holland.Sun.COM>
Mike Blandford <mikey@nmsu.edu>
Arthur Darren Dunham <add@netcom.com>
Chris Liljenstolpe <cds@io.com>
rbgabriel@amoco.com (Roland B. Gabriel)

Detlev

-- 
 Detlev  | Institut fuer Mikroelektronische Systeme, Uni Hannover
 Habicht | D-30167 Hannover +49 511 7624992 habicht@ims.uni-hannover.de
 --------+-------- Handy    +49 172 5415752 ---------------------------