Adam C Powell IV <[EMAIL PROTECTED]> writes: > Ramin Motakef wrote: > > > Hi! > > Don´t know if this is our problem, but after a recent ubgrade of a > > slink box the +::: entryies in /etc/passwd and /etc/group on this box > > where missing. > > > > I didnt notice this at first, as i was logged in as root, so i dont > > know which package caused this (base-passwd??). > > > > Anyway, editing /etc/passwd and /etc/group solved the problems with > > nis for me. > > Thanks very much, that was the first thing I checked. The plus > entries are still there, on > the master and the client. > > With the new NIS, do I have to put such entries in /etc/shadow and > /etc/gshadow too? How > does this relate to the doc section "restricting access to the NIS > server"? Do I put those > in in the same way? Didn't have to with the old NIS... > > Zeen, > > -Adam P. >
You have to put the +:: Entries in /etc/shadow if you use shadow-passwords on the clients. I don´t know anything about hshadow, as i dont use passwd-protected groups. So one possibility is to run "shadowconfig off" on the clients, the other is to enter +:: in /etc/shadow (as much :´s as in the other lines....). I think "restricting access to the NIS server" refers to the using of NIS for validation on the server. If you leave out the *:: on the server, it doesn´t use NIS for authentication. Ramin PS.: I´am not a security expert and am not sure if using shadow passwords with nis is safer then "traditional passwords".
