[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [ldap] NIS, DCE and /etc/passwd replacement
I got this tip from the SGI newsgroup which allows SGI to understand the passwords
which are stored in the directory in the form "{crypt}asd78fy2x-?ad". SGI introduced
this already in 6.5.7 which now allows me to use the same authentication for my
login and for the directory.
regsub USERPASSWORD{{crypt\}}{}
... And don't bother looking - it is not in the documentation!
This is happy to accept entries with and without the {crypt} prefix.
Check out the comp.sys.sgi.admin newsgroup. I posted questions in March of this
year, some of which got answered.
Simon.
"Chris G. Sellers" wrote:
> Gerard,
> If you run pwconv on IRIX = which makes /etc/shadow files = don't
> you get {crypt} passwords? We have a Sun Directory Server with Crypt
> passwords and it works great on IRIX if we run pwconv first.
>
> Maybe I misunderstood your point?
>
> >
> > Hello Simon,
> >
> >
> > On May 28, 4:11pm, Simon Woods wrote:
> > > Subject: Re: [ldap] NIS, DCE and /etc/passwd replacement
> > > Hi Gerard,
> > >
> > > The documentation to the sgi ldap support is not the greatest. They have been
> > > patching the nsd support since IRIX 6.5.1, and only seem to have reached
> > something
> > > reasonably stable in 6.5.7!
> > >
> >
> > I guess you're right, but it was enough to get going. The line with the version
> > keyword was missing in my config file, but still present in the original sgi
> > version, so I must have accidentally deleted it. It works just fine now. But I
> > did see complaints about nsd on usenet, especially from NIS users. We don't use
> > NIS, and luckily we don't have problems with nsd.
> >
> > > Just for the record,
> > >
> > > We are using an OpenLDAP server which provides the network information
> > directly to
> > > a few SGI's. All of the other machines are still fed using NIS which in turn
> > gets
> > > its information from files generated using perl scripts which use ldapsearch
> > to
> > > lookup the Directory (cron jobs every half hour). Not very elegant but it
> > works and
> > > was the easiest solution when I started. We use the same method for
> > generating the
> > > DNS entries, mail aliases and our proxy access lists. I have a second ldap
> > server
> > > which is replicated and (touch wood) so far (5 Months) has not gone out of
> > sync.
> > > The whole thing is more an experiment than a production environment!
> > >
> > > These days I use the Net::LDAP perl library for new scripts. Appears to be
> > just as
> > > fast as using ldapsearch for returning <1000 entries and I don't have to
> > compile
> > > anything on the target machines.
> > >
> > > Simon.
> > >
> > >-- End of excerpt from Simon Woods
> >
> > I have just decided to go the java way myself. It will be interesting to see
> > how it performs. I'm still only working in a test environment, but we plan to
> > gradually introduce it in the next few months. Sgi's nsd setup makes this quite
> > easy, so I'm rather pleased with it. First thing we want to do apart from unix
> > authentication is to have our radius server authenticate from ldap. Sgi
> > promised to support {crypt} passwords for 6.5.8, so that should be do-able...
> > Thanks again for the tip!
> >
> > Gerard
> >
> >
> > --
> >
> >
>
> <(/|\-/|\-/|\-/|\-/|\/-\|/-\|/-\|/|\-/|\-/|/-\|/|\-/|\-/|\/-\|/-\|/-\)>
>
> Sellers , Chris G.
> Scientific Programmer Analyst
> Information & Instructional Technology
> Oakland University - Rochester, Michigan 48309-4401
> Phone: (248) 370.2016 FAX: (248) 370.4251
--
Siemens Business Services D EBS KS
Mch P/Ca, Carl-Weri-Strasse 22, 81739 Muenchen, Germany
Tel: +49 (0)89 636-54347 (Fax: -54303)
Internet-Mail: mailto:Simon.Woods@mch.sni.de