Solaris NIS and shadow file

I need some clarification on the interaction of NIS and the passwd and
shadow files.  I know the x in the passwd file correlates to the
encrypted passwd being stored in the shadow file.  However, what does
it mean when there is an x in the shadow file as well?  In addition
what does this mean for netgroups?  How does the host know how to
query accounts?  I know the nsswitch.conf file tells the server "where
to look" but I would like details of the exact process.
Reply littlehelphere 12/30/2008 2:41:33 AM

littlehelphere@gmail.com writes:
>I need some clarification on the interaction of NIS and the passwd and
>shadow files.  I know the x in the passwd file correlates to the
>encrypted passwd being stored in the shadow file.  However, what does
>it mean when there is an x in the shadow file as well? 

The account can't log in then.

> In addition what does this mean for netgroups?  

No change. 

> How does the host know how to query accounts?  I know the
> nsswitch.conf file tells the server "where to look" but I would like
> details of the exact process.

The C library routines that do the lookups follow the nsswitch.conf
file which eventually calls the nss_*.so objects located in /usr/lib
which handle each available method that could be listed in the
nsswitch.conf file. 

There isn't much detail documented at that level, you'd have to read
the source on opensolaris.org to really follow. There might be
something in the Solaris Internals book.
Reply Doug 12/30/2008 4:09:43 AM


On Dec 29, 7:41 pm, littlehelph...@gmail.com wrote:
> I need some clarification on the interaction of NIS and the passwd and
> shadow files.  I know the x in the passwd file correlates to the
> encrypted passwd being stored in the shadow file.  However, what does
> it mean when there is an x in the shadow file as well?  In addition
> what does this mean for netgroups?  How does the host know how to
> query accounts?  I know the nsswitch.conf file tells the server "where
> to look" but I would like details of the exact process.

NIS combines the password and shadow file into the NIS map.  So if
you're using NIS the shadow file is not used unless the lookup goes to
local files.

I would need more information to comment on the "x" in the shadow
file. Like what shadow file? /etc/shadow? I would be interested in the
passwd: line in the /etc/nsswitch.conf file as well. (My guess is that
the "x" was added after the maps were created and the source for the
maps are not /etc/passwd and /etc/shadow files.)

nsswitch.conf contains lines that describe where the system should look
for data. For example, for hosts, the hosts line in nsswitch.conf
determines hostname lookup.

First a simple example:

hosts: files dns

Indicates the system should first look in files for a host name, then
if the host is not found look in DNS.

When a lookup is done in a database it can produce these results:

SUCCESS    the host name was found, return the information and quit
           looking
UNAVAIL    the source db is not available, for example NIS is in the
           file but not configured on the system
NOTFOUND   the information was not found in this db
TRYAGAIN   the source db is configured but does not answer

All except SUCCESS result in the lookup continuing to the next db or,
if no other sources are listed, the result is a failure. These are
described as "actions"; the default action is, as I just described,
CONTINUE. An alternate action is RETURN, which means quit looking for
the information and return.

So in this example:

hosts:  nis [NOTFOUND=return] files

indicates that when NIS is searched, if the result is NOTFOUND the
action is changed to "return" and files are not checked; if the result
is UNAVAIL or TRYAGAIN then "files" is searched.

Is that what you were looking for?
Reply tim 12/30/2008 4:01:33 PM
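
The status/action walk described in the reply above, as an added example that is not part of the original thread: a simplified Python model of how one nsswitch.conf line is evaluated, handling only the "return" and "continue" actions mentioned in the post. The function names and the `answers` mapping of simulated per-source results are assumptions made for illustration, not the C library's own code.

```python
import re

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")
# Default actions as described in the post: stop on SUCCESS, continue otherwise.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_line(line):
    """Parse 'db: src [STATUS=action ...] src ...' into (db, [(src, actions)])."""
    line = line.split("#", 1)[0]            # drop trailing comment
    db, _, rest = line.partition(":")
    entries = []
    for tok in re.findall(r"\[[^\]]*\]|[^\s\[]+", rest):
        if tok.startswith("["):             # criteria apply to the preceding source
            if not entries:
                raise ValueError("criteria before any source")
            for crit in tok[1:-1].split():
                status, _, action = crit.partition("=")
                status, action = status.upper(), action.lower()
                if status not in STATUSES or action not in ("return", "continue"):
                    raise ValueError("unsupported criterion: " + crit)
                entries[-1][1][status] = action
        else:
            entries.append((tok, dict(DEFAULTS)))
    return db.strip(), entries

def lookup(entries, answers):
    """Walk the sources in order. 'answers' maps source -> status it reports
    (constructed input; a source with no entry is treated as UNAVAIL).
    Returns (sources consulted, final status)."""
    consulted, status = [], "UNAVAIL"
    for src, actions in entries:
        status = answers.get(src, "UNAVAIL")
        consulted.append(src)
        if actions[status] == "return":     # SUCCESS by default, or an override
            break
    return consulted, status

if __name__ == "__main__":
    _, hosts = parse_line("hosts:  nis [NOTFOUND=return] files")
    # Constructed scenarios: what NIS reports, while local files would succeed.
    for nis_status in ("NOTFOUND", "UNAVAIL", "TRYAGAIN"):
        print(nis_status, lookup(hosts, {"nis": nis_status, "files": "SUCCESS"}))
```

Running the same walk over a passwd: line shows whether local files can still be reached for an account when NIS answers NOTFOUND.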
