Thanks to Mark Hargrave, Greg Neasmith, and Aaron Browne. Aaron noticed
that I had neglected to mention anything about /etc/shadow; and indeed, my
failure to add +@harvey to that file was the cause of the problem.
Mark Hargrave and Greg Neasmith asked if the syntax I used in my netgroup
definitions could be the problem, and referred me to the man pages and
Answerbooks. Not surprisingly, the info in those was contradictory, so I ran
some tests on Solaris 2.5.1, 2.6, and 7 machines to see what actually works
and what doesn't.
'bob' is in the passwd map, and the entries along the top row were placed in
the netgroup for a machine running the version of Solaris on the left. On
each machine, nsswitch.conf's password entry is 'compat'.
(,bob) (,bob,) (,bob), (,bob,), (-,bob,) (,,) (,-,) (,)
2.5.1 bad ok bad ok ok bad bad bad
2.6 ok ok ok ok ok ok ok ok
7 ok ok ok ok ok ok ok ok
At least this is how it seemed to work. Then I found that slight variations
in the +@netgroup entry in /etc/passwd and /etc/shadow changed the results,
and I gave up. Your results may very well differ.
BTW, I noticed again that every reference to the compat mode is accompanied
by a warning that it may not be supported in future releases. Anyone know
why this handy feature would be abandoned?
Jon
>We're having a problem with NIS netgroups. We have this setup:
>
>harvey harvey1 staff
>
>harvey1 (-,user1,) (-,user2,)
>
>staff staff1
>
>staff1 (-,admin1,) (-,admin2,)
>
>/etc/passwd on harvey has this at the end:
>
>+@harvey
>
>The problem is this: members of harvey1 can't login to harvey, but members
>of staff can. If we move harvey1 to staff, ie,
>
>staff staff1 harvey1
>
>then members of harvey can log in, even without making any other changes.
>
>This is under Solaris 2.6.
-- Jon Bernard jbber@src.uchicago.edu System Administrator tel 773-702-0733 Social Science Research Computing fax 773-702-2101 University of Chicagofinger jbber@cicero.src.uchicago.edu for my PGP key finger://jbber@cicero.src.uchicago.edu
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:26 CDT