On Mon, 7 Mar 2016 12:14:17 +0100, Lukas Slebodnik wrote:
On (07/03/16 11:31), Hauke Fath wrote:
# getent passwd -s sss wtestman wtestman:*:580:504:Walter A. Testman:/home/wtestman:/bin/tcsh # getent shadow -s sss wtestman # getent shadow -s nis wtestman wtestman:$TOPSECRET:10779:0:99999:7:::
That's correct. sssd does not provide shadow maps.
That's why I followed the NIS example in https://bugzilla.redhat.com/show_bug.cgi?id=578463 and configured nsswitch.conf like
passwd files sss group files sss shadow files nis
as mentioned.
Therefore you will need to have nis for shadow in /etc/nsswitch.conf and then I cannot see a benefit of using sssd if you cannot get rid of nis. in nsswitch.conf.
Well, it would still cache user and group information, which is probably accessed more frequently than the password.
FTR, I got the
auth_provider = proxy proxy_pam_target = none
You set pam target to "none" What is a content of file /etc/pam.d/none ?
Ah.
I was under the impression that 'none' had special meaning, like for auth_provider? Certainly the logs do not mention a file not found...
BTW why do you need/want to use NIS. You can achieve the same with LDAP/FreeIPA
We use NIS here, and I figured sssd might help with a transition towards LDAP. But it has to work with NIS first.
Cheerio, Hauke