1 |
Hello |
2 |
|
3 |
I seem to have a serious problem with nis-exported passwd-entries: |
4 |
A single "*" in the password section of the passwd file does NOT lock |
5 |
the given account! The user can just hit return at the password request |
6 |
to log in. This seems to be not the case with local accounts. |
7 |
Everything else is working splendid with nis. I do not have the "+"-entry |
8 |
in my passwd file since it is not necessary on our other machines (I think |
9 |
this is only needed when using 'compat' in nsswitch..?). |
10 |
|
11 |
This can be cured by using pam_unix.so instead of pam_pwdb.so in |
12 |
/etc/pam.d/login. |
13 |
Strangely enough /etc/pam.d/sshd uses pam_pwdb.so as well but locks |
14 |
out the user... ... actually it does not lock out the user but simply gives a |
15 |
blank line after hitting return on the password request and can only be |
16 |
stopped by Ctrl-C... |
17 |
...and ssh does not use the 'nullok' modification given in /etc/pam.d/sshd |
18 |
and locks out users with empty password field as well. |
19 |
|
20 |
any help on this one? |
21 |
|
22 |
regards |
23 |
|
24 |
Tibor Rudas |