Subject: Re: Console login fails with NIS
To: None <current-users@NetBSD.org>
From: Aaron J. Grier <agrier@poofygoof.com>
List: current-users
Date: 06/13/2005 15:09:19
On Mon, Jun 13, 2005 at 09:44:47AM +0300, Martti Kuparinen wrote:
> >I suspect that, even if the root account is local, it still needs to
> >access NIS to know to which groups it belongs.
>
> That was it. But why doesn't this work?
>
> group: files nis [unavail=return]
> passwd: files nis
>
> If I remove "nis [unavail=return]" from group: then I get instant login.
> With the above settings I'm still getting yp_client timeouts (I only
> waited two timeout messages).
as greywolf made obvious to me, /etc/group has mappings of group names
to users, and not the other way around. hitting the NIS copy of group
is necessary to find all the groups a user is in, even if they aren't a
member of any NIS groups.
I guess this makes logging in as root impossible if NIS is bound to a
remote server and the network dissapears. possible workarounds would be
distributed local files or running ypserv on every machine. both
solutions seem like horrid hacks.
--
Aaron J. Grier | "Not your ordinary poofy goof." | agrier@poofygoof.com