| Commit message | Author | Age | Files | Lines |
| |
Add a rule that adds two bang characters in front of the password.

When the password algorithm is defined as CRYPT and NIS is used to
authenticate users on other systems, there is no way to disable or lock
accounts. Traditional convention has been to put two bang (exclamation)
characters in front of the password, creating an impossible password
hash. This effectively locks the user account, preventing
authentication.

All UNIX systems agree that, for encrypted passwords, the presence of a
character which cannot be part of the CRYPT password scheme renders it
impossible to log in to the system with such a password. However, not all
systems have a meaning for locked accounts, or even for how these locked
accounts express themselves.

There is a certain controversy in what could be used to indicate locked
accounts:

- GNU/Linux systems expect '!' as the first character of the password field
- FreeBSD expects the '*LOCKED*' string at the start of the password field
- Various Solaris versions expect the '*LOCK*' string at the start of the
  password field
- NetBSD has no meaning of locked passwords via the content of the password field

Given that it is impossible to serve NIS maps with encrypted passwords
in a different way to different clients, standardize on the '!!' scheme as
traditional among UNIX administrators.

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1298478
| |
The values for NIS hosts.byname and hosts.byaddr maps should start with
addresses, not names. Reported by Rik Megens.
| |
* add a definition for shadow.byname
* add a definition for passwd.adjunct.byname
* make passwd.byname/passwd.byuid hide userPassword if objectClass==shadowAccount
* base64-encode nis-disallowed-chars when we are printing defaults
| |
properly with multiple macAddress and cn values
| |
group.bygid maps; in IPA, the memberOf plugin ensures that it's only
ever going to have redundant data, so there's nothing to be gained by
examining the relationships from that end
| |
- make %format() expect a specifier as the value to match against, and the
default to use if there are no / too many matches
defs-nis.c:
- compensate
| |
- remember that \t doesn't expand to anything, and the files only use
whitespace, so just use spaces already
| |
- note that defaults for mail, netgroup, and networks still need work
| |
- default to _PATH_BSHELL for %{loginShell}
| |
- correct for %list() being gone now