HPE Community
Operating System - HP-UX
1752808 Members
5763 Online
108789 Solutions
New Discussion юеВ

Re: Disable NIS logins

 
SOLVED
Go to solution
Frank TImmers
New Member

тАО07-31-2007 12:13 AM

тАО07-31-2007 12:13 AM

Disable NIS logins

Hello,

We have an HP/UX 11.11 system as NIS Authentication and Fileserver.

The server is currently also configured as NIS client so the "ls -l" shows the users as owner instead of the numeric uid.

We don't however want to allow the users to login to the server, only on the clients it exports the /home to.

I've added the following line to /etc/passwd:
+:*:::::/bin/false

NIS is however ignoring both the * in the password field and /bin/false in the shell allowing the users to login.

Kind Regards,
Frank Timmers.
Old computer types never die, they just go offline
0 Kudos
4 REPLIES 4
Robert-Jan Goossens_1
Honored Contributor

тАО07-31-2007 12:58 AM

тАО07-31-2007 12:58 AM

Re: Disable NIS logins

Hoi Frank,

What if you remove the complete line starting with the +, in other words allow only local defined users to logon the system.

Check the /etc/nsswitch.conf file for the line
passwd: compat
and change it into
passwd: files

Regards,
Robert-Jan
0 Kudos
Peter Nikitka
Honored Contributor

тАО07-31-2007 01:10 AM

тАО07-31-2007 01:10 AM

Solution

Re: Disable NIS logins

Hi,

I think you have something like this in your /etc/nsswitch.conf

passwd: files nis

So your +: entry will be a no-op. To activate it, and so have overrides enabled, use
passwd: compat

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
Frank TImmers
New Member

тАО07-31-2007 01:27 AM

тАО07-31-2007 01:27 AM

Re: Disable NIS logins

Hello Robert-Jan and Peter,

Thanks for your replies.

my /etc/nsswitch.conf indeed contained the line: "passwd: files nis"

The solution was, as Peter said, to change this to: "passwd: compat"

It now works as needed. NIS users are still resolved locally on the server, but not allowed to login (due to the overrides in the "+" line in the passwd).

Kind Regards,
Frank Timmers.
Old computer types never die, they just go offline
0 Kudos
Frank TImmers
New Member

тАО07-31-2007 01:33 AM

тАО07-31-2007 01:33 AM

Re: Disable NIS logins

Summary:

=> "+:*:::::" in /etc/passwd (where the * overrides NIS password entry)

=> "passwd: compat" in /etc/nsswitch.conf (compat allowes for the override, in oposition to "passwd: files nis" which accesses NIS directly).

Kind Regards,
Frank.
Old computer types never die, they just go offline
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.