Integrating Digital UNIX Enhanced Security with RedHat Linux

atp
9/4/99

Digital UNIX can be run in Enhanced Security mode, which offers features such as password controls, account expiry and password lifetimes. If you want to network a bunch of Linux boxes running RedHat 5.x with Digital UNIX, follow these instructions. If you have a Solaris server with a "passwd.adjunct" map, this may work too; however, support for Solaris adjunct maps is untested and requires the string "##" (hash hash) as the password entry in the normal passwd map.

Important: get NIS working first before trying this. If you cannot ypcat passwd, this is not going to magically help you, since it is a NIS extension, not a substitute.

Firstly, you'll need a relatively recent RedHat distribution. Although I've been doing this since the days of libc4, the method described here works best with RedHat Linux versions 5.0 and up. If you use another distribution, you will need a recent version of PAM (the Pluggable Authentication Modules suite for Linux).

RH5.0 and up come with support for long passwords as part of the base install of the OS. You will need to enable this in the PAM configuration files (usually stored in /etc/pam.d). Here is a sample configuration for the login service:
 
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_pwdb.so bigcrypt nullok
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so bigcrypt nullok use_authtok
session    required     /lib/security/pam_pwdb.so
/etc/pam.d/login configured for long passwords

You will now need to update your PWDB (the password database library) to one that supports the "decnis" target.

This requirement will hopefully go away once the diffs to PWDB make it into the main RedHat distribution, as the PAM module diffs have.

You can find the updated copies as a;

Once installed (you may need to use --force), configure your /etc/pwdb.conf file to look like this:
 
#
# This is the configuration file for the pwdb library
#

user:
        unix
        decnis

group:
        unix
        decnis
 

/etc/pwdb.conf configured for DEC NIS maps.

That's it. Check with a couple of telnet/console logins that it all works *BEFORE* logging off as root.
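As an added check that is not part of the original page, here is a small Python script that lints the two files configured above: it confirms that every pam_pwdb.so line on both the auth and password stacks carries bigcrypt (if only one side has it, verifying and changing passwords will disagree on the hash format), reports nullok so that empty-password logins are a deliberate choice rather than a copy-paste leftover, and confirms that decnis is listed under both user: and group: in pwdb.conf. The file contents embedded below are constructed samples copied from the listings in this page; the function names are mine.

```python
"""Sanity-check the two files this how-to edits: a PAM service file
(/etc/pam.d/login) and /etc/pwdb.conf.

Added example, not part of the original page. The file contents below
are constructed samples copied from the how-to's listings; the function
names are mine."""

from typing import Dict, List, Tuple

# Constructed sample: the /etc/pam.d/login listing from the how-to.
SAMPLE_LOGIN = """\
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_pwdb.so bigcrypt nullok
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so bigcrypt nullok use_authtok
session    required     /lib/security/pam_pwdb.so
"""

# Constructed sample: the /etc/pwdb.conf listing from the how-to.
SAMPLE_PWDB_CONF = """\
#
# This is the configuration file for the pwdb library
#

user:
        unix
        decnis

group:
        unix
        decnis
"""

PamEntry = Tuple[str, str, str, List[str]]  # (type, control, module, args)


def parse_pam(text: str) -> List[PamEntry]:
    """Split a PAM service file into (type, control, module, args) entries."""
    entries: List[PamEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line; PAM would reject it anyway
        mtype, control, module, *args = fields
        entries.append((mtype, control, module.rsplit("/", 1)[-1], args))
    return entries


def check_pam_bigcrypt(text: str) -> List[str]:
    """Report pam_pwdb.so settings that would break long (bigcrypt) passwords."""
    findings: List[str] = []
    pwdb = [(t, a) for t, _, m, a in parse_pam(text) if m == "pam_pwdb.so"]
    # The auth stack (verifying) and the password stack (changing) must both
    # say bigcrypt, or the two sides will disagree on the hash format.
    for needed in ("auth", "password"):
        lines = [a for t, a in pwdb if t == needed]
        if not lines:
            findings.append(f"no pam_pwdb.so {needed} line")
        elif not all("bigcrypt" in a for a in lines):
            findings.append(f"{needed}: pam_pwdb.so lacks bigcrypt")
    # nullok admits accounts whose password field is empty; list it so the
    # administrator keeps it deliberately rather than by copying the sample.
    if any("nullok" in a for _, a in pwdb):
        findings.append("nullok present on pam_pwdb.so")
    return findings


def parse_pwdb_conf(text: str) -> Dict[str, List[str]]:
    """Map each 'section:' of pwdb.conf to the databases listed under it."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith(":"):
            current = line[:-1]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def check_pwdb_conf(text: str) -> List[str]:
    """Report sections of pwdb.conf that do not consult the decnis database."""
    sections = parse_pwdb_conf(text)
    return [f"{s}: decnis not listed"
            for s in ("user", "group") if "decnis" not in sections.get(s, [])]


if __name__ == "__main__":
    for name, result in (("pam.d/login", check_pam_bigcrypt(SAMPLE_LOGIN)),
                         ("pwdb.conf", check_pwdb_conf(SAMPLE_PWDB_CONF))):
        print(name, "->", result or "ok")
```

Point the functions at the real files (open(...).read()) once the RPMs are installed; the only finding the sample listings produce is the nullok notice, which is informational.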

Any problems, bug reports, etc., please send to atp at mssl.ucl.ac.uk.
