Pick a Free OS

User login

Navigation

Home

Centralised authentication using NIS

Sat, 12/02/2000 - 05:49 |  admin
Email: 
mayank@freeos.com

is a part of. This domain is not to be confused with your DNS domain name

and for security reasons, should not be the same as your DNS name. The NIS

domain system allows you to divide the computers on your network into

sub-domains that are served by NIS master servers for that domain only. The

NIS domain name can be anything you want (foo.bar.org or org.bar.foo), but

for security reasons, this should not not be the same as the DNS domain name.

The NIS domain name parameter is set by the nisdomainname command.

Equivalent commands are ypdomainname and domainname. They all do the same.

nisdomainname foo.bar.org

This command will need to be run on every machine on your network that

will be part of the domain. You should put the above in your system startup

scripts so that the domain name is automatically set at boot. Alternatively,

in Red Hat you can edit /etc/sysconfig/network and change or add the

parameter "NISDOMAN=domain". In SuSE open /etc/rc.config and look for

"YP_DOMAINNAME".

Server Configuration

Open the file named /etc/ypserv.conf

Look for the lines below and un-comment them

* : passwd.byname : port : yes

* : passwd.byuid : port : yes

You should do this otherwise any user on the network can say "ypcat passwd"

and see the entire password database exported by the NIS server, including

the encrypted password. However, root on the client machines will be able

to view the encrypted password.

Open /var/yp/Makefile. Go through the options at the top. You probably

won't have to modify them but it does make sense to check them out. Now

look for the "all" rule in this file. It will look something like the

following.

all: passwd group rpc services netid

This defines the files that are to be made available over NIS. NIS is

after all Network Information Services. You can use it for more than

just authentication. Here I'm also exporting /etc/services and /etc/hosts.

The defaults that are un-commented will work just fine. We're just going

for centralized authentication here, so make sure that passwd and group

are un-commented.

Move to /var/yp and run "make" there. This will create the NIS database

maps. You will need to run this every time you change a source file. e.g -

when you add/remove a user from the passwd file. Changes to passwords do

not require a make.

Login to post comments |   |  Tags: Articles - Howtos, Linux

Contact Us | Terms of Use | Trademarks | Privacy Statement
Copyright © Freeos.com | Contact Us: info@freeos.com