[CentOS] Re: Fix passwd/shadow/group files?

Fri Jul 15 09:25:33 UTC 2005
Bryan J. Smith <b.j.smith@ieee.org> <thebs413 at earthlink.net>

Ignacio Vazquez-Abrams wrote:
> Stuff pam_netgroups into system-auth then make a group per machine.
> http://www2.physics.umd.edu/~payerle/Software/PAM/

Doh!!!  I should have realized that.

Yes, using NIS Netgroups and PAM authentication around them is much,
much better on Linux (and even Solaris) than using multiple NIS domains.

And even if he still replicates his files manually (he should at least
consider automating their distribution via SSH), he can still setup just 1
file and use the same netgroups-PAM solution.

Good catch.

From: Paul Heinlein <heinlein at madboa.com>
> If you set up netgroups, you can specify login rights easily:
> * /etc/passwd
> [...]
> + at login-group
> +:::::/dev/null:/sbin/nologin
> * /etc/nsswitch.conf
> passwd:     compat
> shadow:     compat
> group:      files nis
> netgroup:   files nis

Now that only works for NIS distributed passwd, netgroups, correct?
Or will it work for local users as well?


--
Bryan J. Smith   mailto:b.j.smith at ieee.org