Solved

Redhat NIS and PAM

Posted on 2008-06-10
5
1,759 Views
Last Modified: 2013-12-16
I'm having a hard time finding any clear documentation on how to configure NIS to use PAM. Has anyone ever made it work out of the box? If configuring NIS and PAM is as simple as editing the proper /etc/pam.d config files, which one would it go in and what do I need to get NIS to use PAM? In particular, I'm looking to set up a password policy which includes password complexity requirements (pam_cracklib.so?), account lockout after X failed attempts, as well as a password history. Also should this be configured on the NIS master, or slave or client, or all of them? I know I could get away with login.defs for some of this but I'd like to utilize as much of PAM's power as possible.
0
Comment
Question by:gick
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 43

Accepted Solution

by:
ravenpl earned 250 total points
ID: 21760175
On the nis client (cause server don't have to contact nis)
- I assume You already configured the ypbind client
- configure /etc/nsswitch.conf to use nis

passwd:     files nis
shadow:     files nis
group:      files nis

- configure /etc/pwdb.conf
user:
        unix+shadow
        nis+unix+shadow
group:
        unix+shadow
        nis+unix+shadow

- pam should work without reconfiguring /etc/pam.d/ files then
0
 
LVL 10

Expert Comment

by:elf_bin
ID: 21760814
Use authconfig to configure the client for NIS.
Add the required pam modules to the pam stack in /etc/pam.d/<service> i.e.: /etc/pam.d/login on the client.  Since passwords are being changed on the client, you should add the modules you want to the pam stack on the client.

0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question