SSH using NIS Domain Authentication

Question

Level 1

0 points

SSH using NIS Domain Authentication

Hi everyone. I have set up a MacPro with Snow Leopard to use NIS authentication (set up the Directory Utility) and, on the surface, it appears to work. In a terminal shell I can su to a username in the NIS passwd table and the home directory (shared from a Sun box) is mounted automatically and all works fine. However, I cannot get any success at logging in to the MacPro via SSH. It will not authenticate any NIS user accounts. Anyone have a suggestion on how to make this work? Local accounts work fine but NIS logins do not. Thanks for any light you have to shine. 🙂

MacPro, Mac OS X (10.6.2)

Posted on Mar 16, 2010 1:57 PM

Reply

Answer 1

Quakes4Mac Author

Level 1

0 points

Apr 14, 2010 3:02 PM in response to Quakes4Mac

In case anyone is wondering about the solution, I discovered by using the DirectoryServices command line tool, dscl, that Open Directory is unable to decrypt the passwords stored in the NIS table (it is actually NIS+ running in NIS compatibility mode). That's why it could not authenticate. There does not appear to be anyway around that so I used dsexport and dsimport to export then import the user accounts from /BSD/mydomain/Users to /Local/Default/Users so that they had a local account with exactly the same characteristics as their NIS account, but with a new password I set during the import. The users were then able to logon via ssh, change their password to their NIS one, and all seems to work fine. The automount of their home directories works, as does all the other table settings. So far so good. Not a simple fix but stealing the best from both seemed to do the trick. And I learned a lot along the way. 🙂

Reply