ssh with compat nis on solaris 10

1.7k views Asked by At

i have a working solaris 10 server with ssh and NIS using the following configuration:

# /etc/nsswitch.conf
passwd:     files nis
group:      files nis

and

# /etc/ssh/sshd_config
 Protocol 2
 Port 22
 ListenAddress ::
 AllowTcpForwarding no
 GatewayPorts no
 X11Forwarding yes
 X11DisplayOffset 10
 X11UseLocalhost yes
 PrintMotd no
 KeepAlive yes
 SyslogFacility auth
 LogLevel info
 HostKey /etc/ssh/ssh_host_rsa_key
 HostKey /etc/ssh/ssh_host_dsa_key
 ServerKeyBits 768
 KeyRegenerationInterval 3600
 StrictModes yes
 LoginGraceTime 600
 MaxAuthTries       6
 MaxAuthTriesLog    3
 PermitEmptyPasswords yes
 PasswordAuthentication yes
 PAMAuthenticationViaKBDInt yes
 PermitRootLogin yes
 Subsystem  sftp    /usr/lib/ssh/sftp-server
 IgnoreRhosts yes
 RhostsAuthentication no
 RhostsRSAAuthentication no
 RSAAuthentication yes

Now, i want to switch to compat mode:

# /etc/nsswitch.conf
passwd:     compat
group:      files nis

I added a few users to:

# /etc/passwd
+luke:x:::::

ran pwvcon and then password authentification for user luke doesn't not work anymore (while public-key is still OK).

Is there something wrong with my setup ?

1

There are 1 answers

3
Volker Stolz On BEST ANSWER

From passwd(4):

If a +name entry has a non-null password [..] the value of that field overrides what is contained in the alternate naming service.

Can you see if removing the "x" in the passwd-column and running pwconv again helps?

Edit: the first guess was totally off, see comments, so here's another guess -- I can't break my Sun's config just now, sorry ;)