My original message is enclosed at the end.
Thanks to:
Banks B J <randy@essex.ac.uk>
annr@reference.collins.co.uk (Ann Rautenbach 3267 Systems_Administrator)
Ian Chisholm <chis@mail.glg.edinburgh.ac.uk>
bern@penthesilea.Uni-Trier.DE (Jochen Bern)
glenn@uniq.com.au (Glenn Satchell - Uniq Professional Services)
erastil@lmera.ericsson.se (Stellan Nilsson Z/OD)
russ@prin.ebasco.com (Russ Bebb - 452-0130)
pburyk@leis.leis.bellcore.com (Patrick Buryk)
eww@hobbes.crc.com (Eric Wampner ORL)
Danny Barron <dbarron@csci0.uark.edu>
reggie.beavers@sfwmd.gov (Reggie Beavers - UNIX Sys Admin)
matthew.hofener@camp.org
creusat@montrouge.smr.slb.com (Jean-Pierre Creusat)
scowles@scheffer.Stanford.EDU (S. Cowles)
danny@ews7.dseg.ti.com (Danny Johnson)
Russell Ruby <russ@MATH.ORST.EDU>
Ian MacPhedran <Ian_MacPhedran@engr.usask.ca>
The answer is that pcnfsd does not check /etc/shells. It checks to see
if the name of the shell ends in "sh", which is lame if you ask me.
Jean-Pierre says that this fact is not in the document Sun
distributes. He also said that if you compile pcnfsd with the
USE_GETUSERSHELL option, it will check /etc/shells instead of the last
two characters of the name of the shell.
Several people listed above want a solution because they want everyone
to have access to the same files with any PC. You can take advantage
of the above solution: Make either a shared login with a known
password and a dummy shell or give everyone a personal login with a
dummy shell on that system. The dummy shell's name should end in
"sh".
------- Forwarded Message
To: Sun Managers <sun-managers@eecs.nwu.edu>
Subject: pc-nfs needs a valid shell
Date: Tue, 20 Sep 94 22:28:00 -0400
From: Tom Reingold <tommy@big.att.com>
I run NIS on my systems, which run SunOS 4.1.x. I forbid logins on my
file server by having entries like this in the passwd file.
+jane::0:0:::
+joe::0:0:::
+::0:0:::/usr/local/etc/nowayin
The last entry says that the default shell (i.e. if you're not like
jane or pete who are allowed) is a program that says you're not allowed
in.
The problem is that this does not work for PC-NFS users. They get an
authentication failure. /usr/local/etc/nowayin is listed in
/etc/shells. My workaround is to give the PC-NFS users jane-and-joe
style logins on the fileserver, but I'd like to keep them out. How do
I do this?
Tom Reingold, AT&T Bell Labs, Crawford | "Computers are useless. They only
Hill Laboratory, Holmdel, NJ, USA | give answers." --Pablo Picasso
tommy@big.att.com or att!big!tommy |
------- End of Forwarded Message
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:10 CDT