
Nis+ in trusted system

 
Alvaro Arnau Gómez
Occasional Advisor

We have two nodes with MC/ServiceGuard; one of them is the NIS+ server and the other is a replica server. We also have another HP-UX machine that is an NIS+ client only. All of them are trusted.
We have implemented our security policies by filling in the passwd (shadow fields) and trusted tables in this way:

trusted.org_dir
XXXX:1:6:31536000:0:0:0:1:1:0:10:::1018356085::::

passwd.org_dir
XXXX:criptedpass:12345:54321:you:/home/you:/usr/bin/ksh:11786:2:35:35:185:12146:0

Everything is working correctly except: if a user must be locked (i.e. he fails 3 times while logging in), he is locked only on the local machine, not in the NIS+ domain.
Said another way, the NIS+ policies restrict the login attempts to 2. If user A fails 3 times on machine XX, user A is only blocked on machine XX; he can log in on machine YY without problems, with XX and YY being any machines of the NIS+ domain.
This is not correct for us because if the production packet goes to the other node the user prod can be blocked. Is there a way to change that?

Thx in advance
Regards