Need Help Using NIS netgroup (Using Solaris NIS w/PAM enabled)



Hello;

I am having difficulties setting up ssh (ossh4.3p2 with PAM-enabled - NIS -Solaris8/Sparc) to authenticate and allow users passwordless entry based solely on one or more of the following:

1. User is a member of an NIS 'group', say group1, and this group has been set up within sshd_config using "AllowGroup group1".

2. User and/or host is a valid member of NIS 'netgroup', whereby the client host has been defined as being a part of netgroup named netgroup1 or the user from 'any' machine as being a part of netgroup netgroup2. In this case I am using "AllowGroup netgroup1 netgroup2".

Authentication is already set up properly for rsh, and rsh denies users based on their host and/or user, all from NIS and depending on what is contained within /etc/hosts.equiv and/or /.rhosts. What I wish to do is to duplicate this within ossh.

For instance, I have three machines.

host-A - this machine's root can log into anywhere and denies all machines not belonging to netgroup X

host-B - this machine does not belong to netgroup X and is denied access to machines in this netgroup. This machine is a member of netgroup Y and allows root logins from machines in netgroup X and Y. (X is not restricted anywhere) as well as 'netgroup' user12@XXX

host-C - this machine belongs to netgroup Z, accepts connections from netgroups users1@X users1@Y and anyone@Z.

I am having a lot of trouble finding information on how to get NIS netgroup to work into my sshd_config. Since I am using PAM, should my pam.conf contain some special information for ssh w/PAM? Do I need any special pam modules?

Should I create a special /etc/shosts.equiv and/or ~.shosts file/s? If so, what should I place into my sshd_config for the above?

Many thanks in advance,

.vp


