
passwd Question.

 
SOLVED
Go to solution
brian_31
Super Advisor

passwd Question.

Hi Team:

We are running security software which is mandatory for all of our servers. It flags the /etc/passwd file (because it looks for a shadow file, maybe). It does not flag /etc/passwd.nis. We are using NIS and we cannot go trusted. Is there a way we can create a shadow file so that we get through this audit? We can't go NIS+ as we have committed to NIS with a lot of development work based on that. Please help.

Thanks
Brian.
7 REPLIES
Rodney Hills
Honored Contributor

Re: passwd Question.

You may want to start using "ldap". The integration tools have options to work with NIS.

You can do a search on this forum for discussions regarding ldap.

-- Rod Hills
There be dragons...
Patrick Wallek
Honored Contributor

Re: passwd Question.

I, too, have had that problem with security audits on my HP machines running NIS.

To answer your question, NO, there is NOT any option to create a password shadow file without going trusted, which you can't do because of NIS.

Unfortunately, that's the way it is.
Martin Johnson
Honored Contributor

Re: passwd Question.

Check into ldap.

HTH
Marty
A. Clay Stephenson
Acclaimed Contributor

Re: passwd Question.

Sorry, unless you can go to NIS+ there is no good answer. I suspect that your security software is actually looking at the passwd field inside /etc/passwd and if it sees no passwd or a passwd hash it views this as insecure. It probably expects an impossible value (e.g. '*') before it considers the passwd file to be secure.
If it ain't broke, I can fix that.
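
The kind of check described in the reply above, as an added sketch (not code from this thread, and not the audit product's actual logic): it classifies the password field of each entry in a passwd-format file. The status labels, the treatment of `x` and a leading `!` as placeholders alongside `*`, and the sample lines (including the fake hash string) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the password field of each passwd(4)-format entry.
# Status labels are hypothetical, not taken from any audit product.

# classify_passwd [FILE]  -- reads FILE, or stdin when no FILE is given.
# Prints one "name:STATUS" line per entry.
classify_passwd() {
    awk -F: '
        $0 ~ /^[ \t]*$/ { next }                        # skip blank lines
        /^[+-]/   { print $1 ":NIS_ENTRY"; next }       # NIS escape entry, not a local account
        NF < 7    { print $1 ":MALFORMED"; next }       # passwd entries have 7 fields
        $2 == ""  { print $1 ":EMPTY"; next }           # no password set at all
        $2 == "x" || $2 ~ /^[*!]/ { print $1 ":PLACEHOLDER"; next }  # impossible value
        { print $1 ":HASH_EXPOSED" }                    # hash sits in a world-readable file
    ' "${1:--}"
}

# count_flagged [FILE] -- number of entries an auditor would likely flag.
count_flagged() {
    classify_passwd "$@" |
        awk -F: '$2 == "EMPTY" || $2 == "HASH_EXPOSED" { n++ } END { print n + 0 }'
}

# Constructed sample input; "aaCONSTRUCTED0" stands in for a crypt hash.
sample_passwd() {
    cat <<'EOF'
root:*:0:3::/:/sbin/sh
daemon:x:1:5::/:/sbin/sh
opsacct:aaCONSTRUCTED0:101:20::/home/opsacct:/usr/bin/sh
guest::102:20::/home/guest:/usr/bin/sh
+::0:0:::
EOF
}

# Demo run over the constructed sample.
sample_passwd | classify_passwd
```

Run `classify_passwd /etc/passwd` on a host to see which local entries carry a hash; the `+` line is reported separately because it only tells the lookup to continue into the NIS map.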
brian_31
Super Advisor

Re: passwd Question.

Hi Clay:

It is true that it looks for the shadow files and the * entry in the password file. But what is strange is while there are 1000+ users in /etc/passwd.nis it does not complain about the users' passwd in passwd.nis but complains about a couple of users' passwd in /etc/passwd for poor passwd combination. Wonder why?

Thanks
Brian.
A. Clay Stephenson
Acclaimed Contributor
Solution

Re: passwd Question.

That makes perfect sense. The file /etc/passwd.nis means nothing to the OS; /etc/passwd is all that matters. No programs (passwd functions) are going to look in passwd.nis for authentication. In fact, passwd.nis just happens to be your source file for the NIS passwd map (I'm guessing here since it could be named anything). In many cases, the source file for the passwd map is simply /etc/passwd on the NIS master server.

If it ain't broke, I can fix that.
brian_31
Super Advisor

Re: passwd Question.

Thanks Clay:

Got it. I can even name it as passwd.brian and make changes to the respective makefile to effect the changes, is it not? Makes sense. So there is really nothing we can do to the few /etc/password users (basis sys group) that are getting flagged 'coz there is no shadow file. Is there not even a workaround for this that we can get thru with?

Thanks
Brian.