Based on the NIS migration tests I did and another question I posted earlier on.
I tried to downgrade NIS linux encryption to DES to support solaris connection.
So I modified /etc/pam.d/system-auth as below,
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so shadow nullok try_first_pass use_authtok
password required pam_deny.so
and then reset the user's password.
I can login the user's account from the linux client with no issue, but I just can't login from the solaris client using both telnet and ssh.
I checked the log message, and it kept showing the following messages.
Apr 13 17:05:05 lay8 sshd[21086]: [ID 800047 auth.info] Invalid user systest from 172.26.80.46
Apr 13 17:05:05 lay8 sshd[21086]: [ID 800047 auth.info] input_userauth_request: invalid user systest [preauth]
Apr 13 17:05:07 lay8 sshd[21086]: [ID 800047 auth.error] error: Could not get shadow information for NOUSER
Apr 13 17:05:07 lay8 sshd[21086]: [ID 800047 auth.info] Failed password for invalid user systest from 172.26.80.46 port 48485 ssh2
Apr 13 17:05:11 lay8 sshd[21086]: [ID 800047 auth.info] Connection closed by 172.26.80.46 [preauth]
I just can't figure it out. Did I miss something?
For more information,
# passwd -S systest
systest PS 2017-04-13 0 99999 7 -1 (Password set, DES crypt.)
/etc/ypserv.conf
# xfr requests are only allowed from ports < 1024
xfr_check_port: yes
# The following, when uncommented, will give you shadow like passwords.
# Note that it will not work if you have slave NIS servers in your
# network that do not run the same server as you.
# Host : Domain : Map : Security
#
# * : * : passwd.byname : port
# * : * : passwd.byuid : port
# Not everybody should see the shadow passwords, not secure, since
# under MSDOG everbody is root and can access ports < 1024 !!!
* : * : shadow.byname : port
* : * : passwd.adjunct.byname : port
172.26.80.0/255.255.248.0 : * : * : none
* : * : * : deny
Thanks.