topic Re: Disable NIS logins in Operating System - HP-UX

Disable NIS logins

Frank TImmers — Tue, 31 Jul 2007 07:13:48 GMT

Hello,

We have an HP/UX 11.11 system as NIS Authentication and Fileserver.

The server is currently also configured as NIS client so the "ls -l" shows the users as owner instead of the numeric uid.

We don't however want to allow the users to login to the server, only on the clients it exports the /home to.

I've added the following line to /etc/passwd:
+:*:::::/bin/false

NIS is however ignoring both the * in the password field and /bin/false in the shell allowing the users to login.

Kind Regards,
Frank Timmers.

Re: Disable NIS logins

Robert-Jan Goossens_1 — Tue, 31 Jul 2007 07:58:19 GMT

Hoi Frank,

What if you remove the complete line starting with the +, in other words allow only local defined users to logon the system.

Check the /etc/nsswitch.conf file for the line
passwd: compat
and change it into
passwd: files

Regards,
Robert-Jan

Re: Disable NIS logins

Peter Nikitka — Tue, 31 Jul 2007 08:10:33 GMT

Hi,

I think you have something like this in your /etc/nsswitch.conf

passwd: files nis

So your +: entry will be a no-op. To activate it, and so have overrides enabled, use
passwd: compat

mfG Peter

Re: Disable NIS logins

Frank TImmers — Tue, 31 Jul 2007 08:27:23 GMT

Hello Robert-Jan and Peter,

Thanks for your replies.

my /etc/nsswitch.conf indeed contained the line: "passwd: files nis"

The solution was, as Peter said, to change this to: "passwd: compat"

It now works as needed. NIS users are still resolved locally on the server, but not allowed to login (due to the overrides in the "+" line in the passwd).

Kind Regards,
Frank Timmers.

Re: Disable NIS logins

Frank TImmers — Tue, 31 Jul 2007 08:33:16 GMT

Summary:

=> "+:*:::::" in /etc/passwd (where the * overrides NIS password entry)

=> "passwd: compat" in /etc/nsswitch.conf (compat allowes for the override, in oposition to "passwd: files nis" which accesses NIS directly).

Kind Regards,
Frank.