Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Authentication order with NIS / ypbind

Status
Not open for further replies.

Loic SARRAZIN

Systems Engineer
Jul 5, 2021
1
FR
Hello,
Running on AIX 7.1 or AIX 7.2 here is the context:
- ypbind is running to permit NIS authentication, identification is done with NIS table auto.home.
This work fine and could not be changed yet. Tests where done with su or ssh.

- When a user try connecting, and this user is absent from auto.home (for instance a pure local user) the connection lasts for several seconds (up to 30 sec). This could lead to timeout.
- A user locally defined in /etc/passwd AND in auto.home is quickly connected. The uid in /etc/passwd and in auto.home could even be different, it is quickly connected! Only the username is relevent.

- I've tried to change /etc/security/user to force SYSTEM=files and registry=files, but the behavior was the same (former set to "compat OR LDAP")
Using truss, i've seen that when a domainname is spotted, all the auto.home table is read. The seek stops when a username is found, and it is the reason it's quicker when a local user is also defined in auto.home.
- I've tried to connect through PAM, but the behavior was the same. Not worse nor better.
- Of course, stopping ypbind, stops also this strange behavior.

Does anybody know how to avoid to read the very long (15000 records) auto.home table when a user is locally defined and does not require NIS credentials ?

Thank you
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top