[NBLUG/talk] SSH authenticating problem with NIS

Mark Street jet at sonic.net
Mon Jan 12 11:20:06 PST 2004


All right...  I'll bite.   Let's start from the beginning.

What do the lines in /etc/nsswitch.conf look like?  Paste it so we can see. 

Any info you can provide from /var/log/messages or /var/log/secure after a 
failed login would be helpful.

How are you building your maps for shadow?  Are you merging it with passwd?  
Probably defined in /etc/ypserv.conf.  Pasting that file in a reply might 
help also....  As well as the beginning of the file Makefile in /var/yp/

From Makefile in /var/yp
# Should we merge the passwd file with the shadow file ?
# MERGE_PASSWD=true|false
MERGE_PASSWD=

# Should we merge the group file with the gshadow file ?
# MERGE_GROUP=true|false
MERGE_GROUP=

That should be enough to keep you busy for a while....


On Monday 12 January 2004 10:41, sms at sonic.net wrote:
> > I have found several articles regarding this on google, but no answers.
> > The problem, SSH users passwd's are not being authenticated by NIS. I am
> > using RH9.0 Server and Clients. We are using standard password and
> > shadow mechanism. We are not using broadcast on the clients for NIS, it
> > is a direct query from the /etc/yp.conf file.
> > 	I can use telnet, and NIS authenticates correctly. The problem is
> > the way SSH is trying to look up the password (at least from what I can
> > tell). Any ideas?
>
> Sorry, no quick fixes; my gut tells me that it's likely an sshd config
> issue, but I ain't RHCanything, so...  <shrug>
>
> Does SSH correctly auth users in /etc/passwd, or LDAP (i.e. for ANY other
> methods than NIS, most particularly for database-services rather than for
> flatfile lookups)?
>
> <pondering>  AFAIK, the NIS files aren't supposed to be consulted directly;
> maybe SSH requires NIS passwd transactions be done with the NIS services?
> This'd be a "more primitive" thing for telnet -- being able to query from
> the files -- and a "sophisticated" requirement of SSH.  Just a thought...
>
> Have you run ssh -d (debug mode)?  This may give some additional info.
>
>
> - Steve S.

-- 
Mark Street, D.C.
Red Hat Certified Engineer
Cert# 807302251406074
--
Key fingerprint = 3949 39E4 6317 7C3C 023E  2B1F 6FB3 06E7 D109 56C0
GPG key http://www.streetchiro.com/pubkey.asc
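
A small collector for the items requested in the message above (the passwd/shadow lines of /etc/nsswitch.conf and the MERGE_* settings in /var/yp/Makefile), added here as an example and not part of the original thread. The function names and the sample files are constructed for illustration; on a real host, pass /etc/nsswitch.conf and /var/yp/Makefile to nis_auth_report.

```shell
# nss_sources DB FILE: print the lookup sources for DB, e.g. "files nis".
nss_sources() {
    awk -v db="$1" '
        { sub(/#.*/, "") }    # drop comments
        $1 == (db ":") { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$2"
}

# make_var NAME FILE: print the value of the last uncommented NAME= line.
make_var() {
    awk -v name="$1" '
        /^[ \t]*#/ { next }
        match($0, "^[ \t]*" name "[ \t]*=") {
            val = substr($0, RLENGTH + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val); found = 1
        }
        END { if (found) print val }
    ' "$2"
}

# uses_nis DB FILE: succeed if "nis" is one of the sources listed for DB.
uses_nis() {
    case " $(nss_sources "$1" "$2") " in *" nis "*) return 0 ;; esac
    return 1
}

# nis_auth_report NSSWITCH YP_MAKEFILE: summary suitable for pasting in a reply.
nis_auth_report() {
    for db in passwd shadow; do
        printf '%s sources: %s\n' "$db" "$(nss_sources "$db" "$1")"
    done
    for v in MERGE_PASSWD MERGE_GROUP; do
        printf '%s=%s\n' "$v" "$(make_var "$v" "$2")"
    done
    if uses_nis passwd "$1" && ! uses_nis shadow "$1" &&
       [ "$(make_var MERGE_PASSWD "$2")" != true ]; then
        echo "note: passwd uses NIS, shadow does not, maps not merged;" \
             "check where clients get password hashes"
    fi
}

# Constructed sample files (not taken from the thread).
SAMPLE=$(mktemp -d); trap 'rm -rf "$SAMPLE"' EXIT
printf 'passwd:     files nis\nshadow:     files\n' > "$SAMPLE/nsswitch.conf"
printf '# MERGE_PASSWD=true|false\nMERGE_PASSWD=false\nMERGE_GROUP=true\n' \
    > "$SAMPLE/Makefile"
nis_auth_report "$SAMPLE/nsswitch.conf" "$SAMPLE/Makefile"
```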



