Configuring client to use central authentication server (synchronize shadow)?
by anon112 from LinuxQuestions.org on (#5RJVB)
Having to work within the confines of an outdated system, I need to configure a list of clients to use a central authentication server. The clients are using the latest release of CentOS. The server is using RHEL6 with NIS (OpenLDAP is not available from the repos on this install anymore).
I've configured CentOS to use the yp server and domain (via yp.conf and authselect) and can confirm that `yptest -u <username>` succeeds. I can `su` to <username>, but if I try to log in on the system as <username> it cannot authenticate the password; it would appear that information relating to the shadow file is not being sent across the network in addition to the passwd file (I can confirm that passwd is being sent).
Here's where things get tricky. The old system sent shadow over NIS. I'd like to avoid doing that, but the authentication server is a relic and trying to install OpenLDAP or any other protocol is not going to be easy (or authorized by the powers that be).
So here are my questions:
1) Does the ypbind package bundled with CentOS 8 not work with extremely old versions of ypserv? Has shadow over ypbind been eliminated, or is there something I'm missing? I can confirm also that 'nis' is listed for all entries (including passwd and shadow) in /etc/nsswitch.conf.
2) Would it be possible to synchronize the shadow file across clients in a portable and secure way?