On 05/10/99 14:25:10 you wrote:
However, if you are in a Unix only environment, then this doesn't matter. The filer does no allow login, so the password portion is not used. The only thing the filer uses the password file for is to do username->UID mapping, so you only really need to worry about having a password at all if you have an /etc/quotas file with usernames in it.
Jerry,
You're forgetting PC-NFS. Some people still use that. It would be nice if PC-NFS supported Solaris shadow passwords as well as the old SunOS 4.x NIS shadow passwords.
If you are using Unix password authentication with CIFS, however, you have to copy the shadow file onto the filer itself. (Note that this does not apply if you have domain authentication.)
But what he wants is for the filer to support this via NIS, so he doesn't have to copy the shadow file onto the filer itself. (That is one of the main points of NIS, you know.)
Bruce
Jerry,
You're forgetting PC-NFS. Some people still use that. It would be nice if PC-NFS supported Solaris shadow passwords as well as the old SunOS 4.x NIS shadow passwords.
If you are using Unix password authentication with CIFS, however, you have to copy the shadow file onto the filer itself. (Note that this does not apply if you have domain authentication.)
But what he wants is for the filer to support this via NIS, so he doesn't have to copy the shadow file onto the filer itself. (That is one of the main points of NIS, you know.)
Bruce
We use our filers for NFS and CIFS and use unix authentication from a NIS map. We are just using straight NIS with no shadow file/map.
We have run "crack" on our user database (over 20000 users) and forced all users with cracked passwords to change them. We also filter any password changes through cracklib. So a password change can be a rather frustrating experience for our users, since we reject 99% of what they want to use as a password.
If we could use shadow files, we probably would. But we would probably not change our password policy since root breakins can happen and even a shadow file could be obtained by intruders.
Steve Losen scl@virginia.edu phone: 804-924-0640
University of Virginia ITC Unix Support