LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > AIX
User Name
Password
AIX This forum is for the discussion of IBM AIX.
eserver and other IBM related questions are also on topic.

Notices


Reply
  Search this Thread
Old 02-16-2006, 11:08 AM   #1
blur
LQ Newbie
 
Registered: Nov 2003
Location: Portugal
Distribution: SuSE
Posts: 12

Rep: Reputation: 0
Replicating user security definitions with NIS


Hello,

I have one AIX box acting as NIS server and working with two other
boxes running as NIS clients. All of them have AIX 5.1.
Everything is Ok with users definitions and passwords replications.
But now I want to create rules for the passwords (minimum lenght,
maximum age, etc). All this is stored under /etc/security/passwd. How
can I replicate this information to the NIS clients? Is this possible
with NIS? Or is it only possible with NIS+? Or does anyone know of
other ways of doing it?

Thank you very much in advance for your help.

Cheers
 
Old 02-17-2006, 12:01 AM   #2
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 167

Rep: Reputation: 31
Post Possible

In the server execute /var/yp/make 'all'

Still U fail?
keep backup copies of the files
/etc/security/user and
/etc/security/limits in the clients

Then Copy the files in the server
/etc/security/user
/etc/security/limits using
rcp -p /etc/security/user root@clients:/
To all clients
See whether the new files are there in the clients
Then try.

BEST WISHES !!!!

Last edited by AbrahamJose; 02-17-2006 at 12:07 AM.
 
Old 02-17-2006, 04:24 AM   #3
blur
LQ Newbie
 
Registered: Nov 2003
Location: Portugal
Distribution: SuSE
Posts: 12

Original Poster
Rep: Reputation: 0
Thanks for your reply.

"make all" doesn't replicate that information.

The file I need to replicate is /etc/security/passwd. I've already tried copying this file to the clients, but it isn't read by them. I suppose the client go read the maps with the information that comes from the server.

The main point is how I get other kind of information besides the encrypted password that is stored in /etc/security/passwd replicated to the NIS clients.

Cheers
 
Old 02-21-2006, 01:30 AM   #4
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 167

Rep: Reputation: 31
Post A clarifacation

How did you configured these
using smitty
or using aix commands

Please give details
 
Old 02-21-2006, 05:23 AM   #5
blur
LQ Newbie
 
Registered: Nov 2003
Location: Portugal
Distribution: SuSE
Posts: 12

Original Poster
Rep: Reputation: 0
I've inherited this configuration from other Administrators before me.
I don't know how it was initially configured.
But please tell me which details do you need to help me and I'll post them.

Cheers
 
Old 02-22-2006, 06:55 AM   #6
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 167

Rep: Reputation: 31
Post Rules for password

How did you created the rules for the password.
I think, this part you have done.
 
Old 02-22-2006, 07:24 AM   #7
blur
LQ Newbie
 
Registered: Nov 2003
Location: Portugal
Distribution: SuSE
Posts: 12

Original Poster
Rep: Reputation: 0
I've defined the rules under /etc/security/passwd.

For some users, rules like:

<username>:
login = false
rlogin = false
minlen = 6

I do a make all, try to do for example a remote login to one of the NIS Clients and I'm authorized to. I can even change my password with the new one having a lenght minor then 3.

So, the rules defined on the NIS Server aren't replicated to the Clients.

Cheers
 
Old 02-22-2006, 03:22 PM   #8
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 167

Rep: Reputation: 31
Thumbs down You are wrong

<username>:
login = false
rlogin = false
minlen = 6


The above entry you have to do in /etc/security/user
Before that cp /etc/security/user /etc/security/user.old
Last step: /var/yp/make 'all'
Try now.

It is not a good practice edit such files.
instead
smitty user
->Change/Show Characteristics of a user

and proceed.
when everything is done and u are out of smitty, do
/var/yp/make 'all'
If u are not familiar with smitty, read well each menu,before u proceed.

BEST WISHES !!!!

Last edited by AbrahamJose; 02-22-2006 at 03:24 PM.
 
Old 02-23-2006, 04:20 AM   #9
blur
LQ Newbie
 
Registered: Nov 2003
Location: Portugal
Distribution: SuSE
Posts: 12

Original Poster
Rep: Reputation: 0
I've taken the assumption that those rules were defined in /etc/security/passwd because it's were they are stored after being modified under smitty user.

I've tried to define those rules under /etc/security/user and then do a make all, and still they are not replicated to the clients.

What do you think of this?

Cheers
 
Old 02-24-2006, 03:46 AM   #10
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 167

Rep: Reputation: 31
Post Use smitty

As I Told u earlier, use smitty user
U can see that the modifications in this case will be done in /etc/security/user
when u use smitty user and modify something,
it will be replicated in any of the following files
/etc/security/passwd
/etc/security/limits
/etc/security/user

I repeat, it is not a good practice to edit these files.
Even an extra blank will create problems.
I have never edited these files.

If u have the result in the server, then copy
/etc/security/limits and
/etc/security/user
to the clients.

But don't copy
/etc/security/passwd

BEST WISHES !!!

Last edited by AbrahamJose; 02-24-2006 at 03:52 AM.
 
Old 03-10-2006, 12:50 PM   #11
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 167

Rep: Reputation: 31
Result?

blur,
Is your problem solved.
I am eager to know
 
Old 03-10-2006, 01:23 PM   #12
blur
LQ Newbie
 
Registered: Nov 2003
Location: Portugal
Distribution: SuSE
Posts: 12

Original Poster
Rep: Reputation: 0
I'm very sorry for not replying for a while. Other issues get in the way.

Your information was correct. What I've done was manually syncronize the /etc/security/user files between the server and the clients (using rsync on cron job).

One problem is that one of the things that I wanted to implement was a time limit for users to change the password. The information of the last password update is stored under /etc/security/passwd. This means that I also needed to rsync this file also.

Other problem, is that I've edited directly the files before your warning. And now everytime I try to change settings for user under smit, I get an error. It still works but. Why is it such a problem to edit the files?

Having so many issues to solve, I've thought of changing technology and integrating the authentication and security definitions for AIX users with Microsoft Active Directory, as we also have this infraestructure and users work and develop on both platforms. And this could solve my questions, because I could implement the security policies on the AD side. Do you have some experience with this? I have AIX 5.1 and I've read some documents stating that for this version the only method should be LDAP client on the AIX side as for AIX 5.2 or greater should be Kerberos authentication. Are you familiar with this?

Cheers
 
Old 03-10-2006, 02:16 PM   #13
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 167

Rep: Reputation: 31
ldap

We have single sign on for AIX, Solaris and Linux

Last edited by AbrahamJose; 03-10-2006 at 02:21 PM.
 
Old 03-10-2006, 02:18 PM   #14
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 167

Rep: Reputation: 31
ldap

We have single sign on for AIX, Solaris and Linux
Another domain for Windows.
For a single sign on for all the above,
we have plan to have ldap.
Due to other issues, we did not look in to it.
I have heard only about ldap, nothing else.
 
Old 03-10-2006, 02:19 PM   #15
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 167

Rep: Reputation: 31
ldap

We have single sign on for AIX, Solaris and Linux

SORRY for Multiple submit. I committeda mistake, but could not delete completely.

Last edited by AbrahamJose; 03-10-2006 at 02:20 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
NIS User profile Problem tulip4heaven Linux - Networking 0 11-12-2005 02:23 AM
NIS and Security jhp Linux - Networking 1 10-11-2005 08:24 AM
User migration from Samba to NIS ice_hockey Linux - Networking 1 05-16-2005 10:23 PM
Replicating files between servers. cpgeorge Linux - Networking 6 12-10-2004 11:07 AM
replicating the lycoris 'my linux system'? aesahaettr Linux - Distributions 2 04-29-2004 06:33 PM

LinuxQuestions.org > Forums > Other *NIX Forums > AIX

All times are GMT -5. The time now is 06:10 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration