openssh unix dev - Oct 2005 - Help with SSH V4.2p1 and netgroups in password file - OSF/1

Hi
 
I'm using either V3.2 or V4.2p1 depending on the system.
 
Server - OSF/1 V5.1 latest patch kit.
 
If the system has all the accounts in the password file - ssh lets the users
login.
 
If the system has "+" at the end of the passwd file, users in the
local password file or in NIS can login
 
if I change the /etc/svc.conf to have "passwd=local" and add + at
users:x::::: to the passwd file, the users who are local to the passwd file can
login, but the users in the netgroup fail to login, just getting access failed
and re-prompted for their password.
 
The system works for login/telnet/ftp/rsh/login so I believe that the system is
configured correctly, have I missed some configuration option?
 
Any help will be very welcome.
 
Thanks
 
Mike

Mr.Mike Cross wrote:
> I'm using either V3.2 or V4.2p1 depending on the system.
I don't think there was an OpenSSH 3.2 release (there was 3.2.2p1 and 
3.2.3p1).
> Server - OSF/1 V5.1 latest patch kit.
> 
> If the system has all the accounts in the password file - ssh lets
> the  users login.
> 
> If the system has "+" at the end of the passwd file, users in the
> local password file or in NIS can login
> 
> if I change the /etc/svc.conf to have "passwd=local" and add
> + at users:x::::: to the passwd file, the users who are local to the passwd
> file can login, but the users in the netgroup fail to login, just
> getting access failed and re-prompted for their password.
OpenSSH's sshd will check that the user has a valid passwd entry (as 
returned by getpwnam).  You need to tell /etc/svc.conf (or whatever the 
equivalent to /etc/nsswitch.conf is) to look in NIS too.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.