[SUMMARY] Migration existing users to NIS+ password table

From: Wales Wong (wawong@ouhk.edu.hk)
Date: Thu Sep 10 1998 - 20:20:35 CDT


Dear Managers,

Thanks for the repsonses of the following managers:
Andrew Mitchell <afm@colltech.com>
Eugene Kramer <eugene@uniteq.com>
Unixboy@aol.com
Luc Lauwers <llauwers@ba3sun01.ti.emea.eds.com>
Matthew Atkinson <m.atkinson@csl.gov.uk>

Most of the responses suggest me to use nispopulate. As I mentioned
in my own follow-up, nispopulate has already been done. The problem
is that the users do not have a login shell and they can't do the
keylogin or chkey themselves.

The only workaround is to turn off secure rpc and perform nispopulate
with the -S0 flag. Well, since it is documented in Sun's documentation
that level 0 is not recommended, I may have hard time to convince
the management to adopt this configuration.

Since we are using password aging and password has to be changed within
six months, my last resort is to wait until the users change their
passwords (but they can't) and ask us for help. Then we can do the rest
for them.

Thanks for your attention.

-----------------------------==============-----------------------------
Original question is here:

Dear Managers,

We have a SUN E3000 running on Solaris 2.5.1. Currently, no
name service is used. In order to cater for expansion, we plan
to use NIS+ on this machine.

Setting up of NIS+ server and clients is successful. My problem
lies in the migration of existing user accounts. According to
Sun's documentation, I need to run "nisclient -u" for each
individual user. However, this requires the login password
for the users and all I have is only /etc/shadow.

Can the system administrator do all the setup without users'
participation? Is there any workaround other than asking the
users to run "nisclient -u" or reassigning all the passwords?

Thanks for any input and I will summarize.

-----------------------------==============-----------------------------
Follow-up to the original question:

Dear Managers,

This acts as a followup and clarification for my original query.
Actually, nispopulate has been done successfully and users
can use the old password to login. All NIS+ settings have been
configured, except the encrypted private keys of the users.

Since users do not have any login shell - they only have a customized
menu, I cannot ask them to run "keylogin", "nisclient", "chkey", etc.
Besides, I cannot perform the tasks for them because this requires
users' login passwords. But all I have is /etc/shadow. That's why I have
to ask for the workaround WITHOUT users' participation in my original
query.

Thanks for your attention.



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:48 CDT