SUMMARY: nis question

From: Andy Mitchell (
Date: Thu Feb 06 1997 - 09:26:20 CST

Sorry for delay in summary....

My (paraphrased) question:

I just started using NIS+ and am having a problem with a TAC+ daemon
authenticating username/passwd pairs. tacacsd was running on NIS+
client machine (being dist passwd table from NIS+ server).

Code in tacacsd was calling getpwnam() and receiving *NP* as password.
tacacsd running as root, but still unable to get passwd.


NIS+ misconfigured - no credentials for client to see password in table.

-> TRUE, but this did not solve my problem. (THough it did answer some
questions for me! Thanks, who also sent me a
pretty detailed list of things to do/try with NIS+. Very helpful.
Thanks for your time!)

tacacsd should be using getspnam() not getpwnam(). This is most likely
the problem. While I did not try it in the tacacsd code (I found an
easier solution- see below) I did write a little program using getspnam
and getpwnam() and guess which one worked correctly when running as root?
Uh, yes, beavis, getspnam(). Thanks to john benjamins <johnb@Soliton.COM>

Solution: I just pointed the tac client to the NIS+ master and placed
the tacacs daemon there. Now it works fine. I guess that getpwnam()
is working ok because nsswitch.conf has "files nisplus" and thus the
flat passwd files get queried first. This was the same problem on the
client (i.e. users listed in the local /etc/passwd file were authenticated
fine by tac while users in nis+ passwd table were not).

Since my user base is only about 150 people right now (few of which use
the access server) searching the flat passwd file is not really a
performance concern.

Thanks for the education!

john benjamins <johnb@Soliton.COM> (Marc S. Gibian)
Barry Brown <>
Mark Bergman <>


Andrew F. Mitchell
Network Systems Administrator
UF Biotechnology Program (352) 846-1733

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:44 CDT