Operating System - HP-UX
1831554 Members
3944 Online
110025 Solutions
New Discussion

NIS/YP authentication control issues

 
Alex Green
Frequent Advisor

NIS/YP authentication control issues

Hi All,

I'm having an issue for HPUX11i and NIS/YP. The machine is currently in the process of updated for use with ClearCase. However I have the problem that when I remove the + from the passwd all users can still login. The only way to prevent user login is to remove the nis option from the nsswitch.conf. But I need the nis UID/GID info.

Can anyone tell me how I can restrict logins to certain users without allowing everyone.

Thanks.
P.S. I have tried with +username only, however all users can still login
"The physicist's greatest tool is his wastebasket." - Albert Einstein.
6 REPLIES 6
Massimo Bianchi
Honored Contributor

Re: NIS/YP authentication control issues

Hi,
did you changed the /etc/nsswitch.conf ?

I think you have to change the password and group lines.

Massimo

Alex Green
Frequent Advisor

Re: NIS/YP authentication control issues

I have changed the passwd and groups line so that nis is included as well as files, this is needed otherwise ClearCase well not know all the required UID/GID info.

However when nis is included all users can login

Thnx
"The physicist's greatest tool is his wastebasket." - Albert Einstein.
Massimo Bianchi
Honored Contributor

Re: NIS/YP authentication control issues

Did you try disabling the account ?

or

After the change of the passwd, did you re-issued the refresh command for nis (i don't remember it now). may be NIS caches the information..

Massimo
Alex Green
Frequent Advisor

Re: NIS/YP authentication control issues

Ok,

The original config was to allow all users local & NIS to login. So the /etc/passwd & /etc/group has "+" as the last entry and the nsswitch.conf has "nis" after "files" for passwd & group.

However I now want that only one NIS user can login aswell as the local users. So I left the nsswitch.conf how it was configured and replaced the "+" with "+username" in the /etc/passwd & /etc/group.

But with the new configuration all users can login, it is not at all restricted to the "+username", which is how it works on every other *NIX.
"The physicist's greatest tool is his wastebasket." - Albert Einstein.
Dmitry G. Spitsyn
Trusted Contributor

Re: NIS/YP authentication control issues

Alex !

All you need now is to add the following lines for passwd and group into /etc/nsswitch.conf:

passwd: compat
group: compat

BR,
Dmitry
Caesar_3
Esteemed Contributor

Re: NIS/YP authentication control issues

Hello!

Check your client config file
/etc/nsswitch.conf
and change the passwd ang group will take
only from local not from NIS

Caesar