MS Identity Management for Unix and FreeBSD

Ceri Davies ceri at submonkey.net
Tue Jun 12 07:23:25 BST 2007


--TYecfFk8j8mZq+dy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jun 12, 2007 at 12:01:29AM +0100, Stephen Allen wrote:
>  I'm trying to work with a FreeBSD box on a NIS domain, handled by MS=20
>  Identity Management for Unix.  On the MS server, I've populated the Unix=
=20
>  attributes for NIS domain, UID, login shell, home dir and GID.
>=20
>  OK - ypwhich displays the name of the MS server as the NIS server.
>  OK - ypcat passwd displays the user who's UNIX attributes I added.
>=20
>  In the Identity Management tools on MS, I've set the password encryption=
=20
>  type to MD5.  Also verified that /etc/login.conf and /etc/auth.conf both=
=20
>  allude to MD5.  However, when I try to login, it fails with this error i=
n=20
>  syslog:  PAM: authentication error for illegal user.
>=20
>  If I examine the password file format in /etc/master.passwd, they appear=
 to=20
>  be different (and the NIS password doesn't seem to have been set for=20
>  MyUser):
>=20
>  [root at vh1a9f58 ~]$ ypcat passwd
>  MyUser:ABCD!efgh12345$67890:10000:20::/disk1/test:/usr/local/bin/bash
>  [root at vh1a9f58 ~]$ grep nobody /etc/master.passwd
>  nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nolog=
in

master.passwd isn't the standard passwd(5) format, but that doesn't
matter here; all library routines use /etc/passwd which is compatible.

What's the format of the MD5 encrypted password in NIS?  It would
probably be easier to use the standard crypt encryption across operating
systems, as other hashes are generally not compatible.  This doesn't
necessarily mean that you have to pass crypt()ed passwords on the wire
though if Windows (and indeed, FreeBSD) supports passwd.adjunct maps.

Ceri
--=20
That must be wonderful!  I don't understand it at all.
                                                  -- Moliere

--TYecfFk8j8mZq+dy
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)

iD8DBQFGbjvdocfcwTS3JF8RArCXAJ4uiH0hVrVj8PeVUGpsc1xOQIfAVwCfU4VB
QGHo9E9eMsbE2RRYDzID2NU=
=mN9C
-----END PGP SIGNATURE-----

--TYecfFk8j8mZq+dy--




More information about the Ukfreebsd mailing list