LinuxQuestions.org
Old 02-16-2006, 10:08 AM   #1
blur
LQ Newbie
 
Registered: Nov 2003
Location: Portugal
Distribution: SuSE
Posts: 12

Rep: Reputation: 0
Replicating user security definitions with NIS


Hello,

I have one AIX box acting as NIS server and working with two other
boxes running as NIS clients. All of them have AIX 5.1.
Everything is OK with user definitions and password replication.
But now I want to create rules for the passwords (minimum length,
maximum age, etc). All this is stored under /etc/security/passwd. How
can I replicate this information to the NIS clients? Is this possible
with NIS? Or is it only possible with NIS+? Or does anyone know of
other ways of doing it?

Thank you very much in advance for your help.

Cheers
 
Old 02-16-2006, 11:01 PM   #2
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 167

Rep: Reputation: 31
Post Possible

In the server execute /var/yp/make 'all'

Still U fail?
keep backup copies of the files
/etc/security/user and
/etc/security/limits in the clients

Then Copy the files in the server
/etc/security/user
/etc/security/limits using
rcp -p /etc/security/user root@clients:/
To all clients
See whether the new files are there in the clients
Then try.

BEST WISHES !!!!

Last edited by AbrahamJose; 02-16-2006 at 11:07 PM.
 
Old 02-17-2006, 03:24 AM   #3
blur
LQ Newbie
 
Registered: Nov 2003
Location: Portugal
Distribution: SuSE
Posts: 12

Original Poster
Rep: Reputation: 0
Thanks for your reply.

"make all" doesn't replicate that information.

The file I need to replicate is /etc/security/passwd. I've already tried copying this file to the clients, but it isn't read by them. I suppose the clients go read the maps with the information that comes from the server.

The main point is how I get other kinds of information, besides the encrypted password that is stored in /etc/security/passwd, replicated to the NIS clients.

Cheers
 
Old 02-21-2006, 12:30 AM   #4
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 167

Rep: Reputation: 31
Post A clarification

How did you configure these
using smitty
or using aix commands

Please give details
 
Old 02-21-2006, 04:23 AM   #5
blur
LQ Newbie
 
Registered: Nov 2003
Location: Portugal
Distribution: SuSE
Posts: 12

Original Poster
Rep: Reputation: 0
I've inherited this configuration from other Administrators before me.
I don't know how it was initially configured.
But please tell me which details you need to help me and I'll post them.

Cheers
 
Old 02-22-2006, 05:55 AM   #6
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 167

Rep: Reputation: 31
Post Rules for password

How did you create the rules for the password?
I think, this part you have done.
 
Old 02-22-2006, 06:24 AM   #7
blur
LQ Newbie
 
Registered: Nov 2003
Location: Portugal
Distribution: SuSE
Posts: 12

Original Poster
Rep: Reputation: 0
I've defined the rules under /etc/security/passwd.

For some users, rules like:

<username>:
login = false
rlogin = false
minlen = 6

I do a make all, try to do, for example, a remote login to one of the NIS clients, and I'm authorized to. I can even change my password, with the new one having a length smaller than 3.

So, the rules defined on the NIS Server aren't replicated to the Clients.

Cheers
 
Old 02-22-2006, 02:22 PM   #8
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 167

Rep: Reputation: 31
Thumbs down You are wrong

<username>:
login = false
rlogin = false
minlen = 6


The above entry you have to do in /etc/security/user
Before that cp /etc/security/user /etc/security/user.old
Last step: /var/yp/make 'all'
Try now.

It is not a good practice to edit such files.
instead
smitty user
->Change/Show Characteristics of a user

and proceed.
when everything is done and u are out of smitty, do
/var/yp/make 'all'
If u are not familiar with smitty, read well each menu, before u proceed.

BEST WISHES !!!!

Last edited by AbrahamJose; 02-22-2006 at 02:24 PM.
 
Old 02-23-2006, 03:20 AM   #9
blur
LQ Newbie
 
Registered: Nov 2003
Location: Portugal
Distribution: SuSE
Posts: 12

Original Poster
Rep: Reputation: 0
I've taken the assumption that those rules were defined in /etc/security/passwd because it's where they are stored after being modified under smitty user.

I've tried to define those rules under /etc/security/user and then do a make all, and still they are not replicated to the clients.

What do you think of this?

Cheers
 
Old 02-24-2006, 02:46 AM   #10
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 167

Rep: Reputation: 31
Post Use smitty

As I Told u earlier, use smitty user
U can see that the modifications in this case will be done in /etc/security/user
when u use smitty user and modify something,
it will be replicated in any of the following files
/etc/security/passwd
/etc/security/limits
/etc/security/user

I repeat, it is not a good practice to edit these files.
Even an extra blank will create problems.
I have never edited these files.

If u have the result in the server, then copy
/etc/security/limits and
/etc/security/user
to the clients.

But don't copy
/etc/security/passwd

BEST WISHES !!!

Last edited by AbrahamJose; 02-24-2006 at 02:52 AM.
 
Old 03-10-2006, 11:50 AM   #11
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 167

Rep: Reputation: 31
Result?

blur,
Is your problem solved?
I am eager to know
 
Old 03-10-2006, 12:23 PM   #12
blur
LQ Newbie
 
Registered: Nov 2003
Location: Portugal
Distribution: SuSE
Posts: 12

Original Poster
Rep: Reputation: 0
I'm very sorry for not replying for a while. Other issues got in the way.

Your information was correct. What I've done was manually synchronize the /etc/security/user files between the server and the clients (using rsync in a cron job).

One problem is that one of the things that I wanted to implement was a time limit for users to change the password. The information of the last password update is stored under /etc/security/passwd. This means that I also needed to rsync this file.

Another problem is that I edited the files directly before your warning. And now every time I try to change settings for a user under smit, I get an error. It still works, though. Why is it such a problem to edit the files?

Having so many issues to solve, I've thought of changing technology and integrating the authentication and security definitions for AIX users with Microsoft Active Directory, as we also have this infrastructure and users work and develop on both platforms. And this could solve my questions, because I could implement the security policies on the AD side. Do you have some experience with this? I have AIX 5.1 and I've read some documents stating that for this version the only method should be LDAP client on the AIX side, whereas for AIX 5.2 or greater it should be Kerberos authentication. Are you familiar with this?

Cheers
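
Added example, not part of any post in this thread: a shell sketch for the rsync approach described above, which checks a copy of /etc/security/user for structural damage and for drift in one user's effective password rules before it replaces a client's file. The function names, the constructed sample files and the fall-back-to-default parsing are assumptions of this example, not AIX's own parser.

```shell
#!/bin/sh
# Added example: operates on copies of AIX stanza files such as /etc/security/user.

# stanza_get FILE USER ATTR: effective value, falling back to the default: stanza.
stanza_get() {
    awk -v user="$2" -v attr="$3" '
        /^[ \t]*\*/ || /^[ \t]*$/ { next }            # comment or blank line
        /^[^ \t=]+:[ \t]*$/ { cur = $0; sub(/:[ \t]*$/, "", cur); next }
        {
            eq = index($0, "="); if (!eq) next        # malformed line: ignored here
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key != attr) next
            if (cur == user) { u = val; hit = 1 } else if (cur == "default") d = val
        }
        END { print (hit ? u : d) }' "$1"
}

# stanza_lint FILE: report structural damage; exit status 1 if any was found.
stanza_lint() {
    awk 'BEGIN { bad = 0 }
        /^[ \t]*\*/ || /^[ \t]*$/ { next }
        /^[^ \t=]+:[ \t]*$/ {
            cur = $0; sub(/:[ \t]*$/, "", cur)
            if (seen[cur]++) { print "line " NR ": duplicate stanza " cur; bad = 1 }
            next
        }
        !/^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {
            print "line " NR ": not a header or attr = value"; bad = 1; next
        }
        cur == "" { print "line " NR ": attribute before any stanza"; bad = 1 }
        END { exit bad }' "$1"
}

# policy_drift SERVER_COPY CLIENT_COPY USER ATTR...: list differing attributes.
policy_drift() {
    srv=$1; cli=$2; usr=$3; shift 3; rc=0
    for a in "$@"; do
        s=$(stanza_get "$srv" "$usr" "$a"); c=$(stanza_get "$cli" "$usr" "$a")
        [ "$s" = "$c" ] || { echo "$usr $a server=${s:-unset} client=${c:-unset}"; rc=1; }
    done
    return $rc
}

# make_samples DIR: constructed server copy and a hand-edited, damaged client copy.
make_samples() {
    printf 'default:\n\tminlen = 0\n\trlogin = true\n\nblur:\n\tminlen = 6\n\trlogin = false\n' > "$1/server"
    printf 'default:\n\tminlen = 0\n\trlogin = true\n\nblur:\n\trlogin = false\n\tminlen 6\n' > "$1/client"
}
```

Run `stanza_lint` on the fetched copy first and install it only when it exits 0; `policy_drift` then shows which rules, such as minlen, a client is still enforcing differently from the server.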
 
Old 03-10-2006, 01:16 PM   #13
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 167

Rep: Reputation: 31
ldap

We have single sign on for AIX, Solaris and Linux

Last edited by AbrahamJose; 03-10-2006 at 01:21 PM.
 
Old 03-10-2006, 01:18 PM   #14
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 167

Rep: Reputation: 31
ldap

We have single sign on for AIX, Solaris and Linux
Another domain for Windows.
For a single sign on for all the above,
we have a plan to have ldap.
Due to other issues, we did not look into it.
I have heard only about ldap, nothing else.
 
Old 03-10-2006, 01:19 PM   #15
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 167

Rep: Reputation: 31
ldap

We have single sign on for AIX, Solaris and Linux

SORRY for Multiple submit. I committed a mistake, but could not delete completely.

Last edited by AbrahamJose; 03-10-2006 at 01:20 PM.
 
  

