LinuxQuestions.org

blur 02-16-2006 10:08 AM

Replicating user security definitions with NIS
 
Hello,

I have one AIX box acting as NIS server and working with two other
boxes running as NIS clients. All of them have AIX 5.1.
Everything is OK with user definitions and password replication.
But now I want to create rules for the passwords (minimum length,
maximum age, etc). All this is stored under /etc/security/passwd. How
can I replicate this information to the NIS clients? Is this possible
with NIS? Or is it only possible with NIS+? Or does anyone know of
other ways of doing it?

Thank you very much in advance for your help.

Cheers

AbrahamJose 02-16-2006 11:01 PM

Possible
 
In the server execute /var/yp/make 'all'

Still U fail?
keep backup copies of the files
/etc/security/user and
/etc/security/limits in the clients

Then Copy the files in the server
/etc/security/user
/etc/security/limits using
rcp -p /etc/security/user root@clients:/
To all clients
See whether the new files are there in the clients
Then try.

BEST WISHES !!!!

blur 02-17-2006 03:24 AM

Thanks for your reply.

"make all" doesn't replicate that information.

The file I need to replicate is /etc/security/passwd. I've already tried copying this file to the clients, but it isn't read by them. I suppose the clients read the maps with the information that comes from the server.

The main point is how I get other kinds of information, besides the encrypted password that is stored in /etc/security/passwd, replicated to the NIS clients.

Cheers

AbrahamJose 02-21-2006 12:30 AM

A clarification
 
How did you configure these,
using smitty
or using AIX commands?

Please give details

blur 02-21-2006 04:23 AM

I've inherited this configuration from other Administrators before me.
I don't know how it was initially configured.
But please tell me which details you need to help me and I'll post them.

Cheers

AbrahamJose 02-22-2006 05:55 AM

Rules for password
 
How did you create the rules for the password?
I think, this part you have done.

blur 02-22-2006 06:24 AM

I've defined the rules under /etc/security/passwd.

For some users, rules like:

<username>:
login = false
rlogin = false
minlen = 6

I do a make all, try to do, for example, a remote login to one of the NIS clients, and I'm authorized to. I can even change my password with the new one having a length of less than 3.

So, the rules defined on the NIS Server aren't replicated to the Clients.

Cheers

AbrahamJose 02-22-2006 02:22 PM

You are wrong
 
<username>:
login = false
rlogin = false
minlen = 6


The above entry you have to do in /etc/security/user
Before that cp /etc/security/user /etc/security/user.old
Last step: /var/yp/make 'all'
Try now.

It is not a good practice to edit such files.
instead
smitty user
->Change/Show Characteristics of a user

and proceed.
when everything is done and u are out of smitty, do
/var/yp/make 'all'
If u are not familiar with smitty, read each menu well before u proceed.

BEST WISHES !!!!

blur 02-23-2006 03:20 AM

I've taken the assumption that those rules were defined in /etc/security/passwd because it's where they are stored after being modified under smitty user.

I've tried to define those rules under /etc/security/user and then do a make all, and still they are not replicated to the clients.

What do you think of this?

Cheers

AbrahamJose 02-24-2006 02:46 AM

Use smitty
 
As I Told u earlier, use smitty user
U can see that the modifications in this case will be done in /etc/security/user
when u use smitty user and modify something,
it will be replicated in any of the following files
/etc/security/passwd
/etc/security/limits
/etc/security/user

I repeat, it is not a good practice to edit these files.
Even an extra blank will create problems.
I have never edited these files.

If u have the result in the server, then copy
/etc/security/limits and
/etc/security/user
to the clients.

But don't copy
/etc/security/passwd

BEST WISHES !!!

AbrahamJose 03-10-2006 11:50 AM

Result?
 
blur,
Is your problem solved?
I am eager to know.

blur 03-10-2006 12:23 PM

I'm very sorry for not replying for a while. Other issues got in the way.

Your information was correct. What I've done was manually synchronize the /etc/security/user files between the server and the clients (using rsync in a cron job).

One problem is that one of the things that I wanted to implement was a time limit for users to change the password. The information about the last password update is stored under /etc/security/passwd. This means that I also needed to rsync this file.

Another problem is that I edited the files directly before your warning. And now every time I try to change settings for a user under smit, I get an error. It still works, though. Why is it such a problem to edit the files?

Having so many issues to solve, I've thought of changing technology and integrating the authentication and security definitions for AIX users with Microsoft Active Directory, as we also have this infrastructure and users work and develop on both platforms. And this could solve my questions, because I could implement the security policies on the AD side. Do you have some experience with this? I have AIX 5.1 and I've read some documents stating that for this version the only method should be an LDAP client on the AIX side, whereas for AIX 5.2 or greater it should be Kerberos authentication. Are you familiar with this?

Cheers
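
A pre-copy check for the file synchronisation described in the post above, as an added example that is not part of the thread: it lints a stanza file and only runs the copy command if the file is clean. It assumes the layout of the stanza quoted earlier ("name:" header, "attribute = value" lines, "*" comment lines); `lint_stanzas`, `push_if_clean` and `sample_stanzas` are hypothetical names, and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed stanza layout: "name:" header,
# "attribute = value" lines, "*" comment lines, blank lines between stanzas.

lint_stanzas() {   # prints "line N: problem" per finding; returns 0 if clean
    awk '
    function bad(msg) { printf "line %d: %s\n", NR, msg; errors++ }
    /^[ \t]*$/ || /^\*/ { next }                 # blank line or comment
    /^[^ \t:=]+:[ \t]*$/ {                       # stanza header at column 0
        name = $0; sub(/:[ \t]*$/, "", name)
        if (name in seen) bad("duplicate stanza \"" name "\"")
        seen[name] = 1; current = name; next
    }
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {     # attribute = value
        if (current == "") { bad("attribute outside any stanza"); next }
        attr = $0; sub(/^[ \t]+/, "", attr); sub(/[ \t]*=.*$/, "", attr)
        val = $0;  sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        key = current SUBSEP attr
        if (key in attrs) bad("duplicate attribute \"" attr "\"")
        attrs[key] = 1
        # Value checks for the three attributes used in the thread.
        if ((attr == "login" || attr == "rlogin") && val !~ /^(true|false)$/)
            bad(attr " must be true or false, got \"" val "\"")
        if (attr == "minlen" && val !~ /^[0-9]+$/)
            bad("minlen must be a whole number, got \"" val "\"")
        next
    }
    { bad("unrecognised line") }                 # stray text, missing "="
    END { exit (errors > 0) }
    ' "$1"
}

push_if_clean() {  # usage: push_if_clean FILE COMMAND [ARGS...]
    file=$1; shift
    lint_stanzas "$file" >&2 || { echo "refusing to copy $file" >&2; return 1; }
    "$@"           # e.g. the rsync or rcp command that copies FILE to a client
}

sample_stanzas() { # constructed sample: "alice" is valid, "bob" has three faults
    printf '* constructed test data\nalice:\n\tlogin = false\n'
    printf '\trlogin = false\n\tminlen = 6\n\n'
    printf 'bob:\n\tminlen = six\n\tlogin = no\nminlen 8\n'
}
```

In a cron job the existing copy command becomes the arguments to `push_if_clean`, so a file damaged by a hand edit stays on the server instead of reaching every client.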

AbrahamJose 03-10-2006 01:16 PM

ldap
 
We have single sign on for AIX, Solaris and Linux

AbrahamJose 03-10-2006 01:18 PM

ldap
 
We have single sign on for AIX, Solaris and Linux
Another domain for Windows.
For a single sign on for all the above,
we have a plan to have ldap.
Due to other issues, we did not look into it.
I have heard only about ldap, nothing else.

AbrahamJose 03-10-2006 01:19 PM

ldap
 
We have single sign on for AIX, Solaris and Linux

SORRY for Multiple submit. I committed a mistake, but could not delete completely.

