Re: Solaris NIS+ authentication and ssh 3.1.0

From: Ken Arnold (bkarnold@cbu.edu)
Date: 01/29/02

    From: bkarnold@cbu.edu (Ken Arnold)
    Date: Tue, 29 Jan 2002 14:13:19 GMT
    
    

    Our root master server and replica are running Solaris 7. The NIS+
    clients are running either Solaris 7 or Solaris 8. All of our nodes
    are IPv4. The /etc/nsswitch.conf file contains:

    # the following two lines obviate the "+" entry in /etc/passwd and
    # /etc/group.
    passwd: files nisplus
    group: files nisplus

    # consult /etc "files" only if nisplus is down.
    hosts: files dns nisplus [NOTFOUND=return]
    ipnodes: files
    # Uncomment the following line and comment out the above to resolve
    # both IPv4 and IPv6 addresses from the ipnodes databases. Note that
    # IPv4 addresses are searched in all of the ipnodes databases before
    # searching the hosts databases. Before turning this option on, consult
    # the Network Administration Guide for more details on using IPv6.
    #ipnodes: nisplus [NOTFOUND=return] files

    #Uncomment the following line, and comment out the above, to use both DNS
    #and NIS+. You must also set up the /etc/resolv.conf file for DNS name
    #server lookup. See resolv.conf(4).
    #hosts: nisplus dns [NOTFOUND=return] files

    services: files nisplus [NOTFOUND=return]
    networks: files nisplus [NOTFOUND=return]
    protocols: files nisplus [NOTFOUND=return]
    rpc: files nisplus [NOTFOUND=return]
    ethers: files nisplus [NOTFOUND=return]
    netmasks: files nisplus [NOTFOUND=return]
    bootparams: files nisplus [NOTFOUND=return]

    publickey: nisplus

    netgroup: nisplus

    automount: files nisplus
    aliases: files nisplus
    sendmailvars: files nisplus

    printers: user nisplus files

    auth_attr: files nisplus
    prof_attr: files nisplus
    project: files nis

    The problem isn't that users can't log in. The problem is that once
    the users have logged in they are not authenticated properly with
    NIS+. Users need to enter "keylogin" and enter their password again
    in order to become authenticated.

    I have done some more searching and I discovered a Sun Blueprint for
    "Building and Deploying OpenSSH for the Solaris Operating
    Environment". The steps look much more complex than the steps
    necessary to get ssh-3.1.0 working but if it will provide NIS+
    authentication it is worth it. I am hoping that someone has figured
    out an easy way to make ssh-3.1.0 do the same thing before I go that
    direction.

    Ken Arnold

    On Tue, 29 Jan 2002 00:50:24 GMT, "Nico Kadel-Garcia"
    <nkadel@bellatlantic.net> wrote:

    >
    >"Ken Arnold" <bkarnold@cbu.edu> wrote in message
    >news:3c557d40.9915245@news.cbu.edu...
    >> Has anyone managed to get ssh 3.1.0 to successfully authenticate a
    >> NIS+ user in a Solaris environment? We also have ssh1 version 1.2.32
    >> on our systems and it is able to perform this authentication but ssh2
    >> is not able to do this. I have tried setting up ssh2 for PAM
    >> authentication according to the FAQ but either I have not been
    >> successful in doing this or PAM authentication does not provide NIS+
    >> authentication.
    >>
    >> Ken Arnold
    >
    >Save yourself work. Proceed directly to OpenSSH 3.0.2p1, which has excellent
    >Solaris support and notes in the "contrib" directory about Solaris
    >installations and overall is vastly more portable.
    >
    >Also, for NIS+ use, you haven't defined the OS of your clients, server, or
    >the /etc/nsswitch.conf configuration. Please add these bits of information.
    >
    >


