DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 13th October 2015
chipc chipc is offline
New User
 
Join Date: Oct 2015
Posts: 2
Post Cannot login after yp binding OpenBSD 5.7

Hi,

I've got an OpenBSD 5.7 system which seems to be correctly bound to a yp domain, but which is not authenticating users in the yp passwd map.

The server is a Solaris 5.10 machine with scores of Solaris (various versions), Linux and OS X yp clients. I had no trouble binding and using a FreeBSD machine a few weeks ago.

I'm sure OpenBSD is bound correctly: ypwhich returms the name of my yp master; "ypcat passwd" shows the correct full passwd map, and "id username" shows correct information for users in the yp map.

But those users cannot log in, either at the login prompt or via "su -".

/etc/login.conf says:
default:\
...
:ypcipher=old:\
...

I've tried it with "md5" with no change. The server is at the Solaris default setting of "__UNIX__" in policy.conf, referring to the "traditional Unix algorithm", which I'm assuming is what OpenBSD calls "old".

/etc/master.passwd ends in
+:*::::::::
and /etc/passwd in
+:*:0:0:::

What am I missing?

Thanks,

Chip
Toronto
Reply With Quote
  #2   (View Single Post)  
Old 14th October 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 8,025
Default

Hello, and welcome!

I don't use YP, but I know there are OpenBSD-specific considerations, such as enabling the portmapper and the ypbind(8) daemon. FAQ 10.19.4 discusses provisioning a YP client.
Reply With Quote
  #3   (View Single Post)  
Old 14th October 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 8,025
Default

I have a follow-up for you, regarding cipher choices. Raimo Niskanen had posted a query to the OpenBSD misc@ mailing list within the last two hours:

http://marc.info/?l=openbsd-misc&m=144482694314182&w=2

He posted a follow-up, which at this time does not appear in the archives at marc.info or at gmane.org, so I have reproduced it below.
Code:
Some answers from myself after experimenting and finding Wikipedia :/

On Wed, Oct 14, 2015 at 02:36:09PM +0200, Raimo Niskanen wrote:
> Hi misc@
> 
> I just found out that ypcipher=old is no longer supported in login.conf.
> 
> Since I have a mixed platform lab network using YP (FreeBSD servers) I am
> curious if anyone has some experience of how portable blowfish is as a
> cipher for YP passwords.
> 
> FreeBSD man pages say that they support it.  I also have lots of old and new
> linux clients and just a few OpenBSD clients in the network.  Linux as usual
> shines being badly documented so I can not find out if any of those support
> blowfish.  Therefore I ask this list if anyone knows about this?  

FreeBSD and OpenBSD have Blowfish in common.
FreeBSD and recent Linux'es have SHA-2 (SHA-256 and SHA-512) in common.
Reply With Quote
  #4   (View Single Post)  
Old 14th October 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 8,025
Default

And, Theo de Raadt has weighed in to answer the remaining questions.

http://marc.info/?t=144482709800003&r=1&w=2
Reply With Quote
  #5   (View Single Post)  
Old 14th October 2015
chipc chipc is offline
New User
 
Join Date: Oct 2015
Posts: 2
Default

Hah! That's it. I'll have to kludge around it with a local user account for myself.

Thanks for finding this!

Chip
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Gnome 3.8 + OpenBSD 5.4 - error on login (GDM) harishankar OpenBSD Packages and Ports 10 7th December 2013 05:42 PM
Is the problem X11, Fvwm2, or Firefox? Key binding config... jackthechemist OpenBSD General 11 1st February 2011 06:49 AM
How can i login to my FreeBSD ?? ceramic FreeBSD Installation and Upgrading 4 28th July 2008 11:56 AM
How to set up ssh login cssgalactic FreeBSD General 12 28th June 2008 06:00 PM
DSL auto login Weaseal FreeBSD General 3 17th June 2008 03:26 PM


All times are GMT. The time now is 03:15 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick