On Mon, 23 Oct 2017 08:29:30 +0300
Alexander Bokovoy via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org> wrote:
> On Sun, 22 Oct 2017, Harald Dunkel wrote:
>> My problem is that authentication appears to be broken on
>> all NIS clients (2 AIX 6.1 hosts). The problem came up on
>> Friday, 2017-10-20 at about 10:00 or 11:00.
>
> I'd suggest reviewing the configuration on those boxes. As I said, there is
> nothing in the NIS protocol that could help you protect the traffic with
> certificates, so certificate changes wouldn't be affecting you.

I did a review on the weekend. I wasn't thinking about certificates to
authenticate the traffic between NIS client and server, but between
the "regular" freeipa and freeipa's NIS support. Seems like NIS is
much more deeply integrated in freeipa than I expected.

ypbind seems to work on AIX. ypcat -k passwd lists passwd entries
without password hash. (AIX 6.1 does not support an /etc/shadow file,
AFAICT, but the users are supposed to log in via ssh public key and
.ssh/authorized_keys. This wasn't a problem in the past.)

The problem I have now is that apparently authentication gets stuck
completely. Even root cannot log in on the console. To log in I had
to boot AIX in maintenance mode and disable NIS first. If I enable
NIS again, then no login is possible.

The AIX 7.1 hosts work fine (using LDAP and Kerberos). I never made
LDAP/Kerberos work on AIX 6.1. Maybe I have to try harder to get rid
of NIS completely.

Thanx for your support
Harri