SUMMARY: NIS+ and secret keys

From: Randy Olsson (rao@hobbes.crc.com)
Date: Tue Aug 16 1994 - 07:05:00 CDT


Thanks to a quick response from Sven Rizzotti, my current NIS+ problem is
solved.
Original question:

> I am trying to set up NIS+ and have obviously left out some steps. I used
> nisserver to set up the root domain and nispopulate to populate the tables
> from ascii files. niscat seems to work and the users can log in, but anytime
> a user logs in, he/she gets the error:
> Password does not decrypt secret key for unix.14302@isd.crc.com.
> This error occurs whether the user is in the /etc/passwd file or in the
> NIS+ passwd file.
>
> Also, when rpc.nisd is running, users (local and NIS+) cannot ftp into the
> machine. When they try - they get 530 Login incorrect. Login failed.
> They can telnet into the machine. If I kill rpc.nisd, users (local) can ftp,
> but everything (ftp, telnet, etc.) where a user name needs to be looked up
> is slow.
>
> Does anyone have a good NIS+ paper that describes this secret key stuff?
> The FAQ only has one NIS+ entry.
>
Answer:
> From: Rizzotti.Sven@ch.swissbank.com (Sven Rizzotti)
>
> This occurs because you have no credentials. Each user must have two entries
> in cred.org_dir, one to map his uid to the global principal name and one to keep
> the secure key for that principal name.
> Give local credentials:
> nisaddcred -p uid -P username.domainname. local
> Add DES credentials:
> nisaddcred -p unix.uid@domainname -P username.domainname. des
> !!! Keep an eye on the differences with the dot after the domainname.
> I suggest setting the same password as the one in the password table, otherwise
> you have to keylogin explicitly after every login. (type keylogin)
>
> Maybe you want to get the following book; it just came out in a new revision:
>
> All about administering NIS+, Rick Ramsey
> ISBN 0-13-309576-2 ~ 35$
>

I'll definitely get the book.
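
Added example, not part of the original post or of the quoted reply: a shell function that prints (does not run) the two nisaddcred commands from the answer for every user in passwd-format input, keeping the netname (unix.uid@domain) without a trailing dot and the principal name with one. The function names, the sample accounts, and the choice to skip root and login names containing a dot are assumptions of this example.

```shell
#!/bin/sh
# Added example: generate the local + DES nisaddcred command pair per user.
# nis_cred_cmds and sample_passwd are hypothetical names for this example.

# nis_cred_cmds DOMAIN [PASSWD_FILE]   (reads stdin when no file is given)
nis_cred_cmds() {
    domain=${1%.}                 # netname form: NO trailing dot
    if [ -z "$domain" ]; then
        echo "usage: nis_cred_cmds domain [passwd_file]" >&2
        return 2
    fi
    principal_domain="$domain."   # NIS+ principal form: trailing dot
    awk -F: -v nd="$domain" -v pd="$principal_domain" '
        /^[#+-]/ || NF < 3 { next }      # comments, +/- compat lines, junk
        $3 !~ /^[0-9]+$/   { next }      # uid must be numeric
        $3 == 0            { next }      # example choice: root handled separately
        # A dot is the NIS+ name separator, so "a.b" would be read as
        # principal "a" in domain "b.<domain>". Refuse such names.
        $1 !~ /^[A-Za-z0-9_-]+$/ {
            print "skipped login name: " $1 > "/dev/stderr"
            next
        }
        {
            printf "nisaddcred -p %s -P %s.%s local\n", $3, $1, pd
            printf "nisaddcred -p unix.%s@%s -P %s.%s des\n", $3, nd, $1, pd
        }
    ' "${2:--}"
}

# Constructed sample input (uid 14302 and the domain come from the error
# message in the question; the account names are made up).
sample_passwd() {
    cat <<'EOF'
# constructed sample passwd entries
root:x:0:1:Super-User:/:/sbin/sh
jdoe:x:14302:10:J. Doe:/home/jdoe:/bin/csh
asmith:x:14303:10::/home/asmith:/bin/csh
bad.name:x:14304:10::/home/bad:/bin/csh
+::0:0:::
EOF
}

# The domain may be given with or without the trailing dot.
sample_passwd | nis_cred_cmds isd.crc.com.
```

Review the printed commands before running them on the NIS+ master; the des command prompts for the password that encrypts the secret key.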


