NIS Password format

IRIX and IRIX software discussion including open source and commerical offerings.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
User avatar
praetor242
Posts: 244
Joined: Thu Feb 23, 2017 5:41 pm
Location: Arlington, TX

NIS Password format

Unread postby praetor242 » Wed Sep 20, 2017 7:54 am

I have an NIS server running on FreeBSD, and my IRIX machines bind to it just fine. I can ypcat and see my password map, but when I try and login, it doesn't work. I can successfully login to any of my other FreeBSD machines, just not my IRIX ones.

I also checked the order of the nsswitch.con file, and that's fine. Which leads me to believe it's a password format issue on IRIX. FreeBSD stores its passwords using SHA512. How can I change IRIX to use this format, or do I need to change it on my NIS server?

HALP!
:O2: - trajan - R5000 180Mhz - 256 MB RAM - 300GB HDD
:O2: - hadrian - R5000 180Mhz - 128 MB RAM - 147 GB HDD
:Octane2: - augustus - COMING SOON :D :D

User avatar
praetor242
Posts: 244
Joined: Thu Feb 23, 2017 5:41 pm
Location: Arlington, TX

Re: NIS Password format

Unread postby praetor242 » Wed Sep 20, 2017 9:58 am

I just decided to change the password format to DES on the FreeBSD boxes. Easier, but still a pain in the ass.
:O2: - trajan - R5000 180Mhz - 256 MB RAM - 300GB HDD
:O2: - hadrian - R5000 180Mhz - 128 MB RAM - 147 GB HDD
:Octane2: - augustus - COMING SOON :D :D

User avatar
Raion-Fox
Donor
Donor
Posts: 1388
Joined: Thu Jan 30, 2014 5:01 pm
Location: near King George, Virginia
Contact:

Re: NIS Password format

Unread postby Raion-Fox » Wed Sep 20, 2017 10:50 am

DES is very insecure. Make sure you've a good firewall.

EDIT: You could replace NIS with OpenLDAP
:O3x02L: R16000 700MHz 8GB RAM kanna
:Octane: R12000 300MHz SI 896MB RAM yuuka
:Octane2: R12000A 400MHz V6 2.5GB RAM
:Indy: (Acclaim) R4600 133MHz XL Graphics 32MB RAM
:Indy: (Challenge S) R4600 133MHz (MIPS III Build Server)
Thinkpad W530 i7 3940XM 3GHz, 32GB, K1000M Windows 8.1 Embedded rin
Thinkpad R40 Pentium M 1.5GHz 2GB RAM kasha

Owner and operator of http://irix.pw

User avatar
praetor242
Posts: 244
Joined: Thu Feb 23, 2017 5:41 pm
Location: Arlington, TX

Re: NIS Password format

Unread postby praetor242 » Wed Sep 20, 2017 10:54 am

Yeah. I'm not totally thrilled with having DES hashes, but it's just in the inside of the network. Does IRIX support LDAP authentication?
:O2: - trajan - R5000 180Mhz - 256 MB RAM - 300GB HDD
:O2: - hadrian - R5000 180Mhz - 128 MB RAM - 147 GB HDD
:Octane2: - augustus - COMING SOON :D :D

User avatar
Raion-Fox
Donor
Donor
Posts: 1388
Joined: Thu Jan 30, 2014 5:01 pm
Location: near King George, Virginia
Contact:

Re: NIS Password format

Unread postby Raion-Fox » Wed Sep 20, 2017 11:30 am

You can have IRIX boxes run as LDAP clients yes.
:O3x02L: R16000 700MHz 8GB RAM kanna
:Octane: R12000 300MHz SI 896MB RAM yuuka
:Octane2: R12000A 400MHz V6 2.5GB RAM
:Indy: (Acclaim) R4600 133MHz XL Graphics 32MB RAM
:Indy: (Challenge S) R4600 133MHz (MIPS III Build Server)
Thinkpad W530 i7 3940XM 3GHz, 32GB, K1000M Windows 8.1 Embedded rin
Thinkpad R40 Pentium M 1.5GHz 2GB RAM kasha

Owner and operator of http://irix.pw

User avatar
duck
Donor
Donor
Posts: 742
Joined: Mon Oct 27, 2003 5:22 pm
Location: Jakobstad, Finland
Contact:

Re: NIS Password format

Unread postby duck » Wed Sep 20, 2017 12:46 pm

My octane authenticates using LDAP, it's a bit quirky since I needed to run a local openldap server and use good ole' xdm login (clogin doesn't interface with PAM AFAIR) to get it to work.

I don't remember why I had to set up the replication, but now that I look at the config file again it might have been SSL related. (i.e. nss/pam-ldap on IRIX couldn't use SSL?)

Code: Select all

URI             ldap://localhost/
#URI            ldaps://pond.shangtai.net/


It's working great though.
:Octane: halo, octane Image knightrider, d i g i t a l AlphaPC164, pond, soekris net6501, misc cool stuff in a rack
N.B.: I tend to talk out of my ass. Do not take it too seriously.

User avatar
miod
Posts: 519
Joined: Fri Oct 09, 2009 2:44 am
Location: Clermont-Ferrand (France)
Contact:

Re: NIS Password format

Unread postby miod » Wed Sep 20, 2017 11:13 pm

praetor242 wrote:I just decided to change the password format to DES on the FreeBSD boxes. Easier, but still a pain in the ass.

That's the only way to get IRIX to grok your passwords anyway. And you need to set UNSECURE in /var/yp/`domainname`Makefile as well.

Now I'd suggest defining a specific login class for the FreeBSD users which accounts will be available in the NIS databases, so that other FreeBSD accounts (*cough* root) still are created with strong password hashes. See the documentation for login.conf.
:Indigo:R3000 (alas, dead) :Indigo:R4000 x4 :Indigo2:R4400 :Indigo2IMP:R4400 x2 :Indigo2:R8000 :Indigo2IMP:R10000 :Indy:R4000PC :Indy:R4000SC :Indy:R4400SC :Indy:R4600 :Indy:R5000SC :O2:R5000 x3 :O2:RM7000 :Octane:2xR10000 :Octane:R12000 :O200:2xR12000 :O200: - :O200:2x2xR10000 :Fuel:R16000 :O3x0:4xR16000 :A350:
among more than 150 machines : Apollo, Data General, Digital, HP, IBM, MIPS before SGI, Motorola, NeXT, SGI, Solbourne, Sun...

User avatar
praetor242
Posts: 244
Joined: Thu Feb 23, 2017 5:41 pm
Location: Arlington, TX

Re: NIS Password format

Unread postby praetor242 » Thu Sep 21, 2017 6:11 am

That is actually a fantastic idea!
:O2: - trajan - R5000 180Mhz - 256 MB RAM - 300GB HDD
:O2: - hadrian - R5000 180Mhz - 128 MB RAM - 147 GB HDD
:Octane2: - augustus - COMING SOON :D :D

User avatar
jan-jaap
Donor
Donor
Posts: 4916
Joined: Thu Jun 17, 2004 11:35 am
Location: Wijchen, The Netherlands
Contact:

Re: NIS Password format

Unread postby jan-jaap » Thu Sep 21, 2017 6:25 am

:PI: :Indigo: :Indigo: :Indy: :Indy: :Indy: :Indigo2: :Indigo2: :Indigo2IMP: :Octane: :Octane2: :O2: :O2+: Image :Fuel: :Tezro: :4D70G: :Skywriter: :PWRSeries: :Crimson: :ChallengeL: :Onyx: :O200: :Onyx2: :O3x02L:
To accentuate the special identity of the IRIS 4D/70, Silicon Graphics' designers selected a new color palette. The machine's coating blends dark grey, raspberry and beige colors into a pleasing harmony. (IRIS 4D/70 Superworkstation Technical Report)

User avatar
praetor242
Posts: 244
Joined: Thu Feb 23, 2017 5:41 pm
Location: Arlington, TX

Re: NIS Password format

Unread postby praetor242 » Thu Sep 21, 2017 6:38 am

Hmm....I've already engineered NIS infrastructure, and I plan on adding older IRIX machines and maybe some Sparcstations later on. So I think how I have it is future proof (for retro machines, how ironic) and still plays with my modern FreeBSD/Linux/MacOS stuff.

Right now I'm trying to figure out what to do about passwords. DES is insecure, but so are short ass passwords that IRIX requires.
:O2: - trajan - R5000 180Mhz - 256 MB RAM - 300GB HDD
:O2: - hadrian - R5000 180Mhz - 128 MB RAM - 147 GB HDD
:Octane2: - augustus - COMING SOON :D :D

User avatar
Raion-Fox
Donor
Donor
Posts: 1388
Joined: Thu Jan 30, 2014 5:01 pm
Location: near King George, Virginia
Contact:

Re: NIS Password format

Unread postby Raion-Fox » Thu Sep 21, 2017 10:41 am

praetor242 wrote:Right now I'm trying to figure out what to do about passwords. DES is insecure, but so are short ass passwords that IRIX requires.


You can change passwords from the shell just fine
:O3x02L: R16000 700MHz 8GB RAM kanna
:Octane: R12000 300MHz SI 896MB RAM yuuka
:Octane2: R12000A 400MHz V6 2.5GB RAM
:Indy: (Acclaim) R4600 133MHz XL Graphics 32MB RAM
:Indy: (Challenge S) R4600 133MHz (MIPS III Build Server)
Thinkpad W530 i7 3940XM 3GHz, 32GB, K1000M Windows 8.1 Embedded rin
Thinkpad R40 Pentium M 1.5GHz 2GB RAM kasha

Owner and operator of http://irix.pw

User avatar
praetor242
Posts: 244
Joined: Thu Feb 23, 2017 5:41 pm
Location: Arlington, TX

Re: NIS Password format

Unread postby praetor242 » Thu Sep 21, 2017 11:01 am

I meant the 8 character limitation IRIX has.
:O2: - trajan - R5000 180Mhz - 256 MB RAM - 300GB HDD
:O2: - hadrian - R5000 180Mhz - 128 MB RAM - 147 GB HDD
:Octane2: - augustus - COMING SOON :D :D


Return to “IRIX and Software”

Who is online

Users browsing this forum: No registered users and 1 guest