MS Identity Management for Unix and FreeBSD
ceri at submonkey.net
Tue Jun 12 07:23:25 BST 2007
Content-Type: text/plain; charset=us-ascii
On Tue, Jun 12, 2007 at 12:01:29AM +0100, Stephen Allen wrote:
> I'm trying to work with a FreeBSD box on a NIS domain, handled by MS=20
> Identity Management for Unix. On the MS server, I've populated the Unix=
> attributes for NIS domain, UID, login shell, home dir and GID.
> OK - ypwhich displays the name of the MS server as the NIS server.
> OK - ypcat passwd displays the user who's UNIX attributes I added.
> In the Identity Management tools on MS, I've set the password encryption=
> type to MD5. Also verified that /etc/login.conf and /etc/auth.conf both=
> allude to MD5. However, when I try to login, it fails with this error i=
> syslog: PAM: authentication error for illegal user.
> If I examine the password file format in /etc/master.passwd, they appear=
> be different (and the NIS password doesn't seem to have been set for=20
> [root at vh1a9f58 ~]$ ypcat passwd
> [root at vh1a9f58 ~]$ grep nobody /etc/master.passwd
> nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nolog=
master.passwd isn't the standard passwd(5) format, but that doesn't
matter here; all library routines use /etc/passwd which is compatible.
What's the format of the MD5 encrypted password in NIS? It would
probably be easier to use the standard crypt encryption across operating
systems, as other hashes are generally not compatible. This doesn't
necessarily mean that you have to pass crypt()ed passwords on the wire
though if Windows (and indeed, FreeBSD) supports passwd.adjunct maps.
That must be wonderful! I don't understand it at all.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)
-----END PGP SIGNATURE-----
More information about the Ukfreebsd