
NIS and passwd

 
Victor Prasad
Occasional Advisor

NIS and passwd

Hello,

I add users to our frontends.
Some have '+' in front of the unix ID - some do not.
I am supposed to write a script that checks for people with '+'s in front of them - does a ypmatch and if they are there - writes them back to the passwd file. Ultimately if it fails the ypmatch - they get deleted - but if it passes - they stay.
My script does this - but instead of putting them back with a + sign in front - it puts them back without the '+' and has their passwd there.

i.e.
Before:
+test::0:0:test One:/home/test:/bin/csh

After:

test:1Fkxy3aNSYggg:0:1:test One:/home/test:/bin/csh


1) Where is it getting the passwd from?
2) If I hard code the 3rd and 4th field to '0' will that affect the user from logging in?
3) Can I blank out the 2nd field passwd and force a '+' in front of the Unix ID (and do step 2) without any consequence to the users?

I hope I am being descriptive enough. Please let me know if you need any clarification.

Thank you for your time!

V
Why doesn't this work....?
Rodney Hills
Honored Contributor
Solution

Re: NIS and passwd

When you say "my" script, I sense it wasn't written by you.

1) The password can be gotten by
yppasswd username

2) DO NOT set fields 3 & 4 to zero. That will give them root access

3) You only want "+" if you want the user to be validated against the NIS database.

Hope this helps

-- Rod Hills
There be dragons...
Rodney Hills
Honored Contributor

Re: NIS and passwd

On number 1), that should be
ypcat passwd

-- Rod Hills
There be dragons...
Shannon Petry
Honored Contributor

Re: NIS and passwd

Not too sure of your question, but I'll try from what I gather.
For your itemized questions:
1) where is it getting the passwd from?
The NIS server maps. More specifically, the "passwd" is the 2nd string
2) If you hard code to 0 will it affect users logging in?
Not unless it's in the NIS server's passwd file. Normally you should use the UID for noone and the GID for nogroup/noone
I.E.
+::-2:-2:::
3) can you blank the passwd field? Why would you want to?

First, I'm not sure of how or why NIS is implemented at your site!

I don't know why you have users on systems with a + in front of their names. + is for NIS substitution.
I.E.
+bob::99:99:bob,,,:/home/bob:/bin/csh
in a local passwd file means that if a NIS ID exists for bob it overrides the local.

It sounds like you're maintaining local passwd files in comparison with NIS maps anyway, so why not just use NIS as intended?

NIS is intended as a network repository for common files. passwd, group, services, hosts, etc... If you're making local copies then what is the point in NIS? Better just to rcp /etc/passwd and group than maintain NIS.

Another security note: Don't put root's UID into passwd for users other than root. Thus adding +::-2:-2::: means if a NIS match can not be made completely the user is matched to noone, where +::0:0::: will match unknown users to root.

regards,
Shannon
Microsoft. When do you want a virus today?
Victor Prasad
Occasional Advisor

Re: NIS and passwd

Hello again.

So far - thanks for all the help. The script was not created by me...but is not 'mine'.

Rod said...:


3) You only want "+" if you want the user to be validated against the NIS database.

-- Rod Hills

Yes! - this is what I am supposed to do.

It looks like the original people in the /etc/passwd file have the + in the front and the 2nd and 3rd fields are 0 (I am not sure why they did it this way..but it is)
I am supposed to return the file that way.

The file is written in perl.

But it returns the data without the '+' and puts in other numbers besides 0's to the 2nd and 3rd field.

What happens is each user is put into /etc/passwd like in this format:
+test::0:0:test One:/home/test:/bin/csh

Once they log in - they do not see a command prompt - but are put into a unix based application.

I thought the '+' sign meant the unix ID is checked against NIS.

I guess the script leaves a local copy - and it should work for the user logging in.

The '+' sign should make no difference be it local or NIS if the Unix ID exists - right?


I hope I am making sense.

Thanks again for your help.

Victor


Why doesn't this work....?
Rodney Hills
Honored Contributor

Re: NIS and passwd

I can't help your problem with your script.

If /etc/passwd has an entry such as-
+test::0:0:test One:/home/test:/bin/csh

Then the system looks up "test" in NIS and uses that information for password, userid, and group id number.

If /etc/passwd has an entry such as-
test:1Fkxy3aNSYggg:0:1:test One:/home/test:/bin/csh

Then the system uses that entry for the associated values.

If your script isn't running the way you think it should, I would recommend not running it and maybe developing your own script in a language you can program.

Good Luck

-- Rod Hills
There be dragons...
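
Added example (not the Perl script discussed in this thread, and not any poster's code): a read-only audit of a passwd-format file for the two patterns the replies warn about, a "+" entry carrying 0 in the UID or GID field and a local non-root entry with UID 0. The function names and finding codes are made up here, and the sample file is constructed, reusing the entry formats quoted above.

```shell
#!/bin/sh
# Added example: audit a passwd-format file; it never modifies the file.

# Constructed sample. Lines 2-6 reuse entry formats quoted in the thread;
# the root line is invented for the demo.
write_sample() {
    cat > "$1" <<'EOF'
root:*:0:3::/:/sbin/sh
+test::0:0:test One:/home/test:/bin/csh
test:1Fkxy3aNSYggg:0:1:test One:/home/test:/bin/csh
+bob::99:99:bob,,,:/home/bob:/bin/csh
+::-2:-2:::
+::0:0:::
EOF
}

# Print one finding per line as "<line-no>:<code>:<name>".
audit_passwd() {
    awk -F: '
        $0 ~ /^[ \t]*$/ || $0 ~ /^#/ { next }   # skip blank and comment lines
        {
            name = $1; uid = $3; gid = $4
            first = substr(name, 1, 1)
            if (first == "+") {
                # "+" (NIS) entry carrying 0 in the UID or GID field
                if (uid == "0" || gid == "0")
                    printf "%d:NIS_ENTRY_ROOT_ID:%s\n", NR, name
            } else if (first != "-" && uid == "0" && name != "root") {
                # plain local entry that shares the root UID
                printf "%d:LOCAL_UID0_NOT_ROOT:%s\n", NR, name
            }
        }
    ' "$1"
}

# Usage: sh audit_passwd.sh /etc/passwd   (with no argument, nothing runs)
if [ -n "${1:-}" ]; then
    audit_passwd "$1"
fi
```

On the constructed sample it reports lines 2, 3 and 6 and leaves `+bob::99:99:...` and `+::-2:-2:::` alone.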