> The first one is that I have set up an NIS server which uses a > non-standard passwd/shadow/group file (/var/yp/<domain>/whatever). I'm > trying to get PAM to use it to (for the passwd command, useradd, radiusd, > etc). I've been hacking away at pam_unix, making it accept parameters in > /etc/pam.d/* that choose the file name. Is there an easy way to do this > that I am missing?
I think what you're missing the difference between PAM and NSS. PAM provides authentication, NSS provides name service (distributed /etc/passwd, /etc/shadow, /etc/hosts, /etc/group, etc). First of all, a passwd file in /var/yp/... is a very standard place, for an NIS (aka YP) server. You need to configure your workstations (and NIS server too), to use their NIS clients when getting user information. That amounts to changing some lines in /etc/nsswitch.conf. You probably have a line that says something like "passwd: files". You'd want to change that to "passwd: nis files" instead. All of this has absolutely nothing to do with PAM. In fact, the standard PAM authentication module already has built-in support for NIS. I suggest getting a good book on NIS (perhaps NSS and PAM too). I also suggest you use ANYTHING but NIS. NIS+ and LDAP are infinitely better when it comes to the security aspects of name service. -- t. charles clancy <> [EMAIL PROTECTED] <> www.uiuc.edu/~tclancy coordinated science laboratory <> university of illinois cryptography and information protection
