Checking the derived passwd and group maps

On a computer you have configured as an NIS client, verify that the NIS maps required for agentless authentication are available by running the following command:

ypwhich -m

At a minimum, you should see the passwd.* and group.* map names, followed by the name of the computer you are using as the NIS server. For example, if the computer running adclient and adnisd is iceberg-hpux, you should see output similar to this:

passwd.byuid iceberg-hpux
passwd.byname iceberg-hpux
group.byname iceberg-hpux
group.bygid iceberg-hpux

These passwd.* and group.* maps are automatically generated based on the information stored in Active Directory for the zone, including all Active Directory users and groups granted access to the zone. You can view information from any of these maps using a command like ypcat passwd.byname. The output displayed should look similar this:

paul:Xq2UvSkNngA:10000:10000:paul:/home/paul:/bin/bash
mlopez:!:10002:10000:Marco Lopez:/home/mlopez:/bin/bash
jsmith:!:10001:10000:John Smith:/home/jsmith:/bin/bash

In this example, the user paul has a password hash, but users mlopez and jsmith do not.

If a user account is new, disabled, locked, requires a password change, or is not enabled for a zone, the Centrify NIS server sets the user’s hash field to “!”

Note:   On some platforms, you may see ABCD!efgh12345$67890 as the password hash for users who need to set their password.