IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Jobs Forum / In that, you're almost definitely wrong
Post #148,347
by ben_tilly
3/24/04 9:26:27 PM
Reply
New In that, you're almost definitely wrong
Without googling, the following should be obvious to any admin.

Shadowed passwords exist as a way to do local authentication with the password not stored in the publically readable passwd file.

NIS exists as a way to centralize authentication across many systems. It moves password checking to a remote system.

The answer that would have suggested that you actually understood what was going on would be to point out that the purpose of shadowed passwords and NIS contradict each other. You either check passwords locally or remotely. Changing how you do it locally when the data is remote is pointless.

The worst possible answer would be to supply large amounts of gratuitous detail (of exactly the kind that you can Google for) without indicating any conceptual grasp of what is going on.

And that is what you did.

Regards,
Ben
"good ideas and bad code build communities, the other three combinations do not"
- [link|http://archives.real-time.com/pipermail/cocoon-devel/2000-October/003023.html|Stefano Mazzocchi]
Post #148,351
by boxley
3/24/04 9:30:18 PM
Reply
New actually you can do both
If I am local to the box I can have a shadowed passwd and a different NIS passwd and flag which to use. An example of such is recovery of a root passwd when an admin has been removed and the NIS maintainers cannot be reached in an emergency.
thanx,
bill
In Bush\ufffds America, fighting terrorism abroad is used as a pretext for vanquishing civil liberties at home. David Podvin
questions, help? [link|mailto:pappas@catholic.org|email pappas at catholic.org]
Post #148,356
by ben_tilly
3/24/04 9:36:54 PM
Reply
New I was wondering about that...
My assumption was that Peter was right in [link|http://z.iwethey.org/forums/render/content/show?contentid=148144|http://z.iwethey.org...?contentid=148144] that the two couldn't be used at the same time. Bad assumption, but I didn't claim to be an admin. (Quite the contrary in fact.)

Also it is still true that they can't be used at the same time on the same account. And that is true for exactly the reason that I gave.

Cheers,
Ben
"good ideas and bad code build communities, the other three combinations do not"
- [link|http://archives.real-time.com/pipermail/cocoon-devel/2000-October/003023.html|Stefano Mazzocchi]
Post #148,430
by pwhysall
Picture of pwhysall
3/25/04 1:57:09 AM
Reply
New I should have been more specific.
Sorry for any confusion.

The point stands, though.

Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
Post #148,394
by admin
Picture of admin
3/24/04 10:50:56 PM
Reply
New PAM does that too, IIRC
You set the rules to look in NIS first, local second.
Regards,

-scott anderson

"Welcome to Rivendell, Mr. Anderson..."
Post #148,414
by orion
Picture of orion
3/24/04 11:55:04 PM
Reply
New That is the way I do things

The worst possible answer would be to supply large amounts of gratuitous detail (of exactly the kind that you can Google for) without indicating any conceptual grasp of what is going on.


I always supply large amounts of gratuitous detail without indicating any conceptual grasp of what is going on. Stream of unending conscience and all that, you know. ;) Obviously you have not paid attention to any of my posts for the past 6 years or however long I have been posting them as. If I googled it would have been word for word and explained it better than I explained it.

But I have been branded as a Googler, and I hate Google with a passion and do not want to use it. I have stated that before, and I am only repeating myself yet again to someone who obviously did not pay attention to my previous posts. So you and Peter can have your reality on that. I don't care what you two think anymore.


"Lady I only speak two languages, English and Bad English!" - Corbin Dallas "The Fifth Element"
Post #148,632
by folkert
Picture of folkert
3/25/04 8:22:18 PM
Reply
New There are ways to actually have both.
But as you pointed out this is typically a stupid thing.

Reasons being sometimes an alternate authentication system needs to be defined to guarantee access to remote systems even when the primary and perhaps secondary authentication systems are unavailable.

But, given that now a days there are other ways to get access (RIB Boards, Remote KVMs etc...) this makes entirely ZERO sense.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey

'In view of the fact that Microsoft is acondemned monopolist and on the other hand the internal messages andfinancial transactions of SCO look ever doubtful, Microsoft should bereally anxious that to the own company something does not remainsticking from the Gestank of the SCO.' --Plagarized from [link|http://www.groklaw.net/article.php?story=20040322133607169|GROKLAW]
     One way to filter for technical people :-) - (ben_tilly) - (93) - March 23, 2004, 06:18:59 PM EST
         "Fearlessness"? - (Another Scott) - (17) - March 23, 2004, 06:21:22 PM EST
             Yeah, that and a digital certificate. - (jb4) - (14) - March 23, 2004, 06:41:28 PM EST
                 Easy peasy. - (admin) - (13) - March 23, 2004, 06:44:55 PM EST
                     man?!? - (jb4) - (12) - March 23, 2004, 06:50:13 PM EST
                         Then I suspect you don't qualify anyway... ;-) -NT - (admin) - (3) - March 23, 2004, 06:49:16 PM EST
                             Guilty as charged.... - (jb4) - (2) - March 23, 2004, 06:51:53 PM EST
                                 Debian. - (admin) - (1) - March 23, 2004, 06:53:28 PM EST
                                     Just found out that SuSE 9.1's got it - (jb4) - March 24, 2004, 05:15:12 PM EST
                         And we see that their filter worked - (ben_tilly) - (7) - March 23, 2004, 07:56:49 PM EST
                             two implementations of man, more or less - (boxley) - (1) - March 23, 2004, 08:54:24 PM EST
                                 That makes sense -NT - (ben_tilly) - March 23, 2004, 08:58:42 PM EST
                             $ echo $PAGER - (Arkadiy) - (3) - March 24, 2004, 01:39:25 PM EST
                                 That can't be it - (ben_tilly) - (1) - March 24, 2004, 02:30:51 PM EST
                                     Then you have sensible default - (Arkadiy) - March 24, 2004, 02:48:22 PM EST
                                 How ironic your .sig is in this thread.....**giggle** -NT - (jb4) - March 24, 2004, 05:18:08 PM EST
                             As I already admitted to Scott... - (jb4) - March 24, 2004, 05:17:10 PM EST
             Deploy wireless network? - (broomberg) - (1) - March 23, 2004, 06:47:30 PM EST
                 ROTFL -NT - (ben_tilly) - March 23, 2004, 08:01:58 PM EST
         Is this for real? - (deSitter) - (1) - March 23, 2004, 08:17:25 PM EST
             Unless the position is already filled, it should be real - (ben_tilly) - March 23, 2004, 08:58:08 PM EST
         would look into it but - (boxley) - March 23, 2004, 08:57:17 PM EST
         Could also be. . . - (morganek) - (2) - March 23, 2004, 10:04:52 PM EST
             Go through process.... - (pwhysall) - (1) - March 24, 2004, 01:49:02 AM EST
                 Sent my pubkey - no response -NT - (deSitter) - March 24, 2004, 11:54:06 AM EST
         Hhhmmmmmmm - (orion) - (35) - March 23, 2004, 10:19:43 PM EST
             You don't qualify - (ben_tilly) - (34) - March 23, 2004, 10:46:43 PM EST
                 Maybe I do, maybe I don't - (orion) - (33) - March 24, 2004, 10:21:51 AM EST
                     If you think that you qualify... - (ben_tilly) - (8) - March 24, 2004, 11:04:14 AM EST
                         Why be proven wrong when you don't have to? -NT - (mmoffitt) - March 24, 2004, 11:08:07 AM EST
                         I have to do something first - (orion) - (6) - March 24, 2004, 05:04:43 PM EST
                             Let's just say this - (ben_tilly) - (5) - March 24, 2004, 05:22:10 PM EST
                                 You may be right - (orion) - (4) - March 24, 2004, 07:54:06 PM EST
                                     Not odd at all - (ben_tilly) - (3) - March 24, 2004, 09:32:51 PM EST
                                         I may have had them at one time or thought I did - (orion) - (2) - March 24, 2004, 11:48:33 PM EST
                                             Your confidence level is your problem. - (ben_tilly) - (1) - March 25, 2004, 02:34:24 PM EST
                                                 Not my only problem - (orion) - March 25, 2004, 06:46:49 PM EST
                     Do you know how to obtain your SSH key? - (pwhysall) - (1) - March 24, 2004, 11:51:29 AM EST
                         Yes I do - (orion) - March 24, 2004, 05:01:27 PM EST
                     I don't want to be a meanie, Norm, but... - (pwhysall) - (21) - March 24, 2004, 12:03:17 PM EST
                         Re: I don't want to be a meanie, Norm, but... - (deSitter) - (2) - March 24, 2004, 12:08:10 PM EST
                             Uh, riiiiight. - (Yendor) - (1) - March 24, 2004, 12:22:07 PM EST
                                 Re: Uh, riiiiight. - (deSitter) - March 24, 2004, 12:28:24 PM EST
                         Oh but you are a meanie, nothing you can do about it. - (orion) - (17) - March 24, 2004, 05:21:52 PM EST
                             You've googled. - (pwhysall) - (16) - March 24, 2004, 05:48:12 PM EST
                                 tad obvious I would say :-) -NT - (boxley) - (1) - March 24, 2004, 06:04:30 PM EST
                                     To a genuine UNIX admin, yes. - (pwhysall) - March 24, 2004, 06:07:38 PM EST
                                 So you say - (orion) - (13) - March 24, 2004, 07:57:58 PM EST
                                     In that, you're almost definitely wrong - (ben_tilly) - (6) - March 24, 2004, 09:26:27 PM EST
                                         actually you can do both - (boxley) - (3) - March 24, 2004, 09:30:18 PM EST
                                             I was wondering about that... - (ben_tilly) - (1) - March 24, 2004, 09:36:54 PM EST
                                                 I should have been more specific. - (pwhysall) - March 25, 2004, 01:57:09 AM EST
                                             PAM does that too, IIRC - (admin) - March 24, 2004, 10:50:56 PM EST
                                         That is the way I do things - (orion) - March 24, 2004, 11:55:04 PM EST
                                         There are ways to actually have both. - (folkert) - March 25, 2004, 08:22:18 PM EST
                                     Norm there was enough misinformation in yer post - (boxley) - (5) - March 24, 2004, 09:26:54 PM EST
                                         There is always Misinformation in my posts - (orion) - (4) - March 24, 2004, 11:56:37 PM EST
                                             You claim you didnt lookup the answers - (boxley) - (3) - March 25, 2004, 08:23:11 AM EST
                                                 Fine if it shuts you up - (orion) - (2) - March 25, 2004, 06:43:29 PM EST
                                                     Actually you are correct. - (folkert) - (1) - March 25, 2004, 08:30:20 PM EST
                                                         I did fix my Linux problems on my own - (orion) - April 4, 2004, 12:24:51 PM EDT
         Can you point to more such things? - (deSitter) - (32) - March 24, 2004, 05:53:25 PM EST
             Your public key? - (pwhysall) - (11) - March 24, 2004, 06:00:22 PM EST
                 Re: Your public key? - (deSitter) - (10) - March 24, 2004, 06:11:23 PM EST
                     You probably sent your GPG key, right? - (pwhysall) - (9) - March 24, 2004, 06:12:18 PM EST
                         (bangs head onto bed spikes) - (deSitter) - (8) - March 24, 2004, 06:14:58 PM EST
                             Patience, grasshopper. -NT - (pwhysall) - (6) - March 24, 2004, 06:17:03 PM EST
                                 Re: Patience, grasshopper. - (deSitter) - (5) - March 24, 2004, 06:27:56 PM EST
                                     I got the impression - (altmann) - (4) - March 24, 2004, 06:33:08 PM EST
                                         Hmm possible - (deSitter) - (3) - March 24, 2004, 06:43:22 PM EST
                                             So try logging in. -NT - (admin) - (2) - March 24, 2004, 07:01:34 PM EST
                                                 to what? -NT - (deSitter) - (1) - March 24, 2004, 07:35:04 PM EST
                                                     To their server - (orion) - March 24, 2004, 07:56:28 PM EST
                             That isn't how ssh works - (ben_tilly) - March 24, 2004, 09:12:07 PM EST
             Response finally showed up - (deSitter) - (17) - March 24, 2004, 08:43:22 PM EST
                 Re: Response finally showed up - (deSitter) - (1) - March 24, 2004, 08:45:53 PM EST
                     Luck Bro -NT - (boxley) - March 24, 2004, 09:31:55 PM EST
                 Stage 2 complete - (deSitter) - (13) - March 24, 2004, 10:27:32 PM EST
                     See the default Apache page here. Keep at it! :-) -NT - (Another Scott) - (12) - March 24, 2004, 10:34:31 PM EST
                         FreeBSD must be great - (deSitter) - (11) - March 24, 2004, 10:47:32 PM EST
                             Still the default page from here. - (broomberg) - (10) - March 25, 2004, 07:03:02 AM EST
                                 cp index.html.en test1.html - (deSitter) - (9) - March 25, 2004, 08:53:40 AM EST
                                     Don't assume - (broomberg) - (5) - March 25, 2004, 07:12:58 PM EST
                                         ? - (deSitter) - (4) - March 25, 2004, 07:40:39 PM EST
                                             How hard to understand is that? - (broomberg) - March 25, 2004, 10:13:47 PM EST
                                             test inside the test - (cforde) - (2) - March 26, 2004, 02:49:16 AM EST
                                                 I thought of it exactly opposite - (deSitter) - (1) - March 26, 2004, 04:16:04 AM EST
                                                     If they continue not contacting you, then at least try it. -NT - (ben_tilly) - March 26, 2004, 02:57:53 PM EST
                                     Don't assume - (broomberg) - (2) - March 25, 2004, 07:13:18 PM EST
                                         seconded -NT - (boxley) - March 25, 2004, 07:57:28 PM EST
                                         Thirded. -NT - (mmoffitt) - March 26, 2004, 11:55:07 AM EST
                 have fun with that. knock'em dead -NT - (cforde) - March 25, 2004, 12:50:24 PM EST
             That one was pretty random, sorry -NT - (ben_tilly) - (1) - March 24, 2004, 09:13:45 PM EST
                 S'OK send more if you find'em - (deSitter) - March 24, 2004, 09:32:03 PM EST

Yousa steala precious from meesa!
160 ms