Subject: Re: Console login fails with NIS
To: None <current-users@NetBSD.org>
From: Aaron J. Grier <agrier@poofygoof.com>
List: current-users
Date: 06/13/2005 15:09:19
On Mon, Jun 13, 2005 at 09:44:47AM +0300, Martti Kuparinen wrote:
> >I suspect that, even if the root account is local, it still needs to
> >access NIS to know to which groups it belongs.
> 
> That was it. But why doesn't this work?
> 
> group:          files nis [unavail=return]
> passwd:         files nis
> 
> If I remove "nis [unavail=return]" from group: then I get instant login.
> With the above settings I'm still getting yp_client timeouts (I only
> waited two timeout messages).

as greywolf made obvious to me, /etc/group has mappings of group names
to users, and not the other way around.  hitting the NIS copy of group
is necessary to find all the groups a user is in, even if they aren't a
member of any NIS groups.

I guess this makes logging in as root impossible if NIS is bound to a
remote server and the network disappears.  possible workarounds would be
distributed local files or running ypserv on every machine.  both
solutions seem like horrid hacks.

-- 
  Aaron J. Grier | "Not your ordinary poofy goof." | agrier@poofygoof.com
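
The point above, that group(5) data is keyed by group name so a user's memberships can only be found by scanning every listed source, as a simplified model. This is an added example, not code from the thread or from NetBSD's libc; the sample group data and all function names are constructed for illustration.

```python
# Constructed sample data in group(5) format: name:passwd:gid:member,member
LOCAL_GROUP = """\
wheel:*:0:root
operator:*:5:root
staff:*:20:
"""
NIS_GROUP = """\
eng:*:1000:alice,bob
oncall:*:1001:alice,root
"""

class SourceUnavailable(Exception):
    """Models a source that cannot answer (e.g. NIS server unreachable)."""

def parse_group(text):
    """Return a list of (name, gid, members) from group(5)-formatted text."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _passwd, gid, members = line.split(":", 3)
        entries.append((name, int(gid), [m for m in members.split(",") if m]))
    return entries

def files_source():
    return parse_group(LOCAL_GROUP)

def nis_source(reachable):
    """Hypothetical stand-in for the NIS group map."""
    def enumerate_groups():
        if not reachable:
            raise SourceUnavailable("NIS server not responding")
        return parse_group(NIS_GROUP)
    return enumerate_groups

def groups_for_user(user, sources):
    """Scan every source; the data maps group -> users, so no source can
    be skipped just because the user's account is local."""
    found, failed = set(), []
    for label, enumerate_groups in sources:
        try:
            found.update(g for g, _gid, members in enumerate_groups()
                         if user in members)
        except SourceUnavailable:
            failed.append(label)  # memberships from this source are unknown
    return sorted(found), failed

if __name__ == "__main__":
    print(groups_for_user("root", [("files", files_source), ("nis", nis_source(False))]))
```
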