[NBLUG/talk] SSH authenticating problem with NIS
Mark Street
jet at sonic.net
Mon Jan 12 11:20:06 PST 2004
All right... I'll bite. Let's start from the beginning.
What do the lines in /etc/nsswitch.conf look like? Paste it so we can see.
Any info you can provide from /var/log/messages or /var/log/secure after a
failed login would be helpful.
How are you building your maps for shadow? Are you merging it with passwd?
Probably defined in /etc/ypserv.conf. Pasting that file in a reply might
help also.... As well as the beginning of the file Makefile in /var/yp/
From Makefile in /var/yp
# Should we merge the passwd file with the shadow file ?
# MERGE_PASSWD=true|false
MERGE_PASSWD=
# Should we merge the group file with the gshadow file ?
# MERGE_GROUP=true|false
MERGE_GROUP=
That should be enough to keep you busy for awhile....
On Monday 12 January 2004 10:41, sms at sonic.net wrote:
> > I have found serveral articls regarding this on google, but no answers.
> > The problem, SSH users passwd's are not being authenticated by NIS. I am
> > using RH9.0 Server and Clients. We are using standard password and
> > shadow mechanism. We are not using broadcast on the clients for NIS, it
> > is a direct query from the /etc/yp.conf file.
> > I can use telnet, and NIS authenticates correctly. The problem is
> > the way SSh is trying to lookup the password (at least from what I can
> > tell). Any ideas?
>
> Sorry, no quick fixes; my gut tells me that it's likely an sshd config
> issue, but I ain't RHCanything, so... <shrug>
>
> Does SSH correctly auth users in /etc/passwd, or LDAP (i.e. for ANY other
> methods than NIS, most particularly for database-services rather than for
> flatfile lookups)?
>
> <pondering> AFAIK, the NIS files aren't supposed to be consulted directly;
> maybe SSH requires NIS passwd transactions be done with the NIS services?
> This'd be a "more primitive" thing for telnet -- being able to query from
> the files -- and a "sophisticated" requirement of SSH. Just a thought...
>
> Have you run ssh -d (debug mode)? This may give some additional info.
>
>
> - Steve S.
>
>
>
> _______________________________________________
> talk mailing list
> talk at nblug.org
> http://nblug.org/mailman/listinfo/talk
--
Mark Street, D.C.
Red Hat Certified Engineer
Cert# 807302251406074
--
Key fingerprint = 3949 39E4 6317 7C3C 023E 2B1F 6FB3 06E7 D109 56C0
GPG key http://www.streetchiro.com/pubkey.asc
More information about the talk
mailing list