Next: Using the Traditional NIS Up: The Network Information System Previous: Using the passwd and

Using NIS with Shadow Support

There is no NIS support yet for sites that use the shadow login suite. John F.-Haugh, the author of the shadow suite, recently released a version of the shadow library functions covered by the GNU Library GPL to comp.sources.misc. It already has some support for NIS, but it isn't complete, and the files haven't been added to the standard C library yet. On the other hand, publishing the information from /etc/shadow via NIS kind of defeats the purpose of the shadow suite.

Although the NYS password lookup functions don't use a shadow.byname map or anything likewise, NYS supports using a local /etc/shadow file transparently. When the NYS implementation of getpwnam is called to look up information related to a given login name, the facilities specified by the passwd entry in nsswitch.conf are queried. The nis service will simply look up the name in the passwd.byname map on the NIS server. The files service, however, will check if /etc/shadow is present, and if so, try to open it. If none is present, or if the user doesn't have root privilege, if reverts to the traditional behavior of looking up the user information in /etc/passwd only. However, if the shadow file exists and can be opened, NYS will extract the user password from shadow. The getpwuid function is implemented accordingly. In this fashion, binaries compiled with NYS will deal with a local the shadow suite installation transparently.

Andrew Anderson
Thu Mar 7 23:22:06 EST 1996