No Support for Shadow NIS Maps before Solaris 10
I have just discovered, through great pain and adversity, that Solaris 9 and earlier do not support the use of shadow password files in NIS. While these releases have a “shadow” file in the OS, you cannot use nsswitch.conf to point to another shadow source. Any alternate shadow information source must be accessed via the “passwd” map.
In practice this means that when you attempt to, for example, telnet to a Solaris 9 box that has “nis” specified within nsswitch.conf, the box will do a lookup on the passwd.byname map from NIS. If that map is built from a shadowed passwd file, the box will treat the “x” in the password field as if it were the hashed password, and authentication will therefore fail.
I came across this after discovering that users could not log in to a Solaris 9 client after not doing so for a long time. Since they last logged in successfully, the NIS server had been migrated from a Solaris 7 box to a Slackware 12.2 box. The bizarre part is that the Solaris 7 server did store passwords in a shadow file. While I can’t confirm it now that the Solaris 7 box is no longer with us, I believe that the Solaris 7 NIS server was combining the passwd and shadow files to provide merged output when the passwd map was queried. The Slackware/Linux NIS server certainly doesn’t do this and instead provides separate passwd and shadow maps.
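The following is an added example, not code from the original post: a shell sketch that lists which entries in passwd-format map output (such as `ypcat passwd` prints) carry only the “x” placeholder, and that builds the kind of merged passwd/shadow output described above. The function names, sample accounts and hash strings are constructed for illustration.

```shell
#!/bin/sh
# Added example. All account names and hash strings below are constructed.
SAMPLE_PASSWD='alice:x:1001:100:Alice:/home/alice:/bin/sh
bob:x:1002:100:Bob:/home/bob:/bin/sh
carol:x:1003:100:Carol:/home/carol:/bin/sh'
SAMPLE_SHADOW='alice:abCONSTRUCTED1:14200:0:99999:7:::
bob:*LK*:14200:0:99999:7:::'

# shadowed_entries: read passwd-format lines on stdin and print the login
# names whose password field is the "x" placeholder. A client that takes the
# hash from the passwd map cannot authenticate these accounts.
shadowed_entries() {
    awk -F: '$2 == "x" { print $1 }'
}

# merge_passwd PASSWD_FILE SHADOW_FILE: print the passwd entries with each
# "x" placeholder replaced by the matching field from the shadow file.
# Entries with no shadow record are printed unchanged.
merge_passwd() {
    awk -F: -v OFS=: '
        FILENAME == ARGV[1] { hash[$1] = $2; next }   # first file: shadow
        $2 == "x" && ($1 in hash) { $2 = hash[$1] }   # second file: passwd
        { print }
    ' "$2" "$1"
}

# Stand-alone demonstration on the constructed sample map.
printf '%s\n' "$SAMPLE_PASSWD" | shadowed_entries
```

To check a live domain, pipe `ypcat passwd` into `shadowed_entries`. A merged map places the password hashes in passwd.byname, where any host able to query that map can read them.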
