next up previous contents index
Next: Using the Traditional Up: The Network Information Previous: Using the passwd

Using NIS with Shadow Support


There is no NIS support yet for sites that use the shadow login suite. John F. Haugh, the author of the shadow suite, recently released a version of the shadow library functions covered by the GNU Library GPL to comp.sources.misc. It already has some support for NIS, but it isn't complete, and the files haven't been added to the standard C library yet. On the other hand, publishing the information from /etc/shadow via NIS kind of defeats the purpose of the shadow suite.

Although the NYS password lookup functions don't use a shadow.byname map or anything likewise, NYS supports using a local /etc/shadow file transparently. When the NYS implementation of getpwnam is called to look up information related to a given login name, the facilities specified by the passwd entry in nsswitch.conf are queried. The nis service will simply look up the name in the passwd.byname map on the NIS server. The files service, however, will check if /etc/shadow is present, and if so, try to open it. If none is present, or if the user doesn't have root privilege, if reverts to the traditional behavior of looking up the user information in /etc/passwd only. However, if the shadow file exists and can be opened, NYS will extract the user password from shadow. The getpwuid function is implemented accordingly. In this fashion, binaries compiled with NYS will deal with a local the shadow suite installation transparently.

root (Andrea Pellizzon)
Thu Oct 19 10:26:44 MET 1995