I have inherited a set of nis+ systems, which I think has not been properly configured. My own nis+ knowledge is not sufficient yet to solve the dilemma.
currently the passwd.org_dir table is gloabally readable - not a good thing. If I restrict read access with a nistbladm -u passwd=w-r passwd.org_dir then users who have neglected to run keylogin and change their passwords get locked out and I have to jump through hoops to change their password and then do a chkey -p
How can I tell if a user has run keylogin. If I could generate a list of those who have not run keylogin I could figure out which accounts I have to fix. FYI rather a lot, 4K+, of accounts..