Netgroup support of ipv6 in Solaris/Linux

Matthew Huff mhuff at ox.com
Mon Jan 16 15:27:51 CET 2012


Both the short name and long name have been present for 15+ years. The ipv4 and ipv6 resolve both forward and backward to the same name. However, any combination linux to linux, linux to solaris, solaris to linux or solaris to solaris prompts for password if the destination server and source server have ipv6. Some are on different subnets so I know they aren't using link locals. I have also verified that the servers are not using temporary addresses.

If I disable ipv6 on either machine, netgroups work.

I'm stumped.

> -----Original Message-----
> From: ipv6-ops-bounces+mhuff=ox.com at lists.cluenet.de [mailto:ipv6-ops-
> bounces+mhuff=ox.com at lists.cluenet.de] On Behalf Of Ignatios Souvatzis
> Sent: Monday, January 16, 2012 8:55 AM
> To: Matthew Huff
> Cc: 'ipv6-ops at lists.cluenet.de'
> Subject: Re: Netgroup support of ipv6 in Solaris/Linux
> 
> On Sun, Jan 15, 2012 at 04:50:25PM -0500, Matthew Huff wrote:
> > So far, it appears that ipv6 breaks netgroups in both Solaris and Linux. Has anyone run
> into this or have a solution?
> >
> > Basically if two machines both have IPv6 addresses even with fully resolvable inverse
> addresses, tools that depend on netgroups fail. Disabling ipv6 on either of the machine
> resolves the problem.
> 
> no problem here.
> 
> I use a NetBSD-5.99 server, until a year ago a Solaris10 server.
> I use NetBSD-5 and Solaris10 clients.
> 
> Tow services are using netgroups:
> 
> a)
> 
> passwd: compat
> passwd_compat: nis
> 
> for password selection and
> 
> b) NFS filesystem exports.
> 
> It's no problem, but you have to make sure to make put the fully
> qualified domain name (maybe as well as the shortened) into the
> netgroup, _as it comes out of reverse resolving_ - you might have
> the same host in several domains (as we do) and the wrong one won't
> do in netgroup for nfs access checking. (We're mounting a filesystem
> for student home directories from the neighbour department, and had
> that problem in the past.)
> 
> Regards,
> 	-is



More information about the ipv6-ops mailing list