Another YP question

Waldher, Travis R Travis.R.Waldher at boeing.com
Wed Oct 6 21:11:31 UTC 2004


 

> -----Original Message-----
> From: Rick Stevens [mailto:rstevens at vitalstream.com] 
> Sent: Wednesday, October 06, 2004 2:05 PM
> To: Getting started with Red Hat Linux
> Subject: Re: Another YP question
> 
> Waldher, Travis R wrote:
> >  
> > 
> > 
> >>-----Original Message-----
> >>From: Rick Stevens [mailto:rstevens at vitalstream.com]
> >>Sent: Wednesday, October 06, 2004 1:44 PM
> >>To: Getting started with Red Hat Linux
> >>Subject: Re: Another YP question
> >>
> >>Waldher, Travis R wrote:
> >>
> >>>"At this point, make sure that /etc/passwd and /etc/group have been
> >>>edited so that when the NIS is activated, the data bases you have just
> >>>created will be used, instead of the /etc ASCII files."
> >>>
> >>>What do I need to do to guarantee this.  I've read something about a
> >>>"+::" entry, but not sure how to implement it.  How do I test it to
> >>>verify it is working?
> >>
> >>Well, the last line of /etc/passwd should be:
> >>
> >>	+:*:0:0:::
> >>
> >>("plus-colon-splat-colon-zero-colon-zero-colon-colon-colon"). 
> >> A similar line should be at the end of /etc/shadow and /etc/group.
> >>
> >>You must also make sure your /etc/nsswitch.conf file includes NIS:
> >>
> >>passwd:     files nis nisplus
> >>shadow:     files nis nisplus
> >>group:      files nis nisplus
> >>
> >>("nisplus" can also be written "nis+")
> >>
> >>
> >>>More importantly, did I just make sense? LOL
> >>
> >>Only to someone who speaks NIS.  ;-)  I'd recommend you get the
> >>dreaded O'Reilly "sloth" book ("Managing NFS and NIS") if you're going
> >>to do a lot with NIS/NIS+.  It's a handy reference.
> > 
> > 
> > I added that to those three files, the question I have is, how do I 
> > know it's working?
> > 
> > Also, in the nsswitch.conf, would just having
> > 
> > Passwd:	files nis 
> > Shadow: 	files nis
> > Group:	files nis
> > 
> > Cause it to not work?
> 
> No, because it should check the local files first.

Ok.. I'll go deeper.

We are currently testing AS3.0 for using it as a NIS Master among other
things.

It would greatly decomplicate our lives, scripts, etc. if we could use
the /etc/passwd, etc. files instead of having to use a
/etc/passwd.mydomain.  One advantage would be to can some of our
home-grown tools and use the built-in GUIs.

The problem is, we want to control access to the NIS Master, but since
everyone would be in /etc/passwd, they would be able to login to it.

I was wondering if we parked the +:*:0:0::: in the middle of the passwd
file would the OS stop reading it at that point and go to NIS.  I would
assume it would work (I don't know if NIS would like it), and if it
doesn't, then how do I know that flag is even working in the first
place? (am I making sense?)

The other option I've considered is to change the order to "nis files", so
that netgroups would handle the permissions, and "hopefully" if NIS
died, the system would look at the local files for authentication.

Or do you see other ways around this?
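
An added example, not part of the original thread: a small audit that reads nsswitch.conf and passwd text and reports the lookup order for the three databases, where any "+"/"-" entries sit, and which local accounts follow the first one. The sample inputs and account names are constructed; the comment on "compat" describes glibc's documented behaviour and is not taken from the messages above.

```python
import re

DATABASES = ("passwd", "shadow", "group")

def parse_nsswitch(text):
    """Return {database: [services in lookup order]} from nsswitch.conf text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, _, rest = line.partition(":")
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # drop [NOTFOUND=return] actions
        table[db.strip()] = rest.split()
    return table

def audit(nsswitch_text, passwd_text):
    """Report lookup order and where +/- entries sit in a passwd file."""
    table = parse_nsswitch(nsswitch_text)
    lines = passwd_text.splitlines()
    marks = [n for n, l in enumerate(lines, 1) if l[:1] in ("+", "-")]
    after = []
    if marks:
        # Local accounts listed below the first +/- line.
        after = [l.split(":")[0] for l in lines[marks[0]:]
                 if l.strip() and l[:1] not in ("+", "-")]
    passwd_services = table.get("passwd", [])
    return {
        "order": {db: table.get(db, []) for db in DATABASES},
        "plus_minus_lines": marks,
        "local_accounts_after_first_mark": after,
        # glibc gives +/- lines their NIS meaning only under "compat";
        # with "files nis", NIS is consulted because "nis" is listed.
        "compat_mode": "compat" in passwd_services,
        "nis_listed": "nis" in passwd_services,
    }

# Constructed sample input; account names are hypothetical.
SAMPLE_NSSWITCH = "passwd: files nis\nshadow: files nis\ngroup: files nis\n"
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "opsadmin:x:500:500::/home/opsadmin:/bin/bash\n"
    "+:*:0:0:::\n"
    "jdoe:x:501:501::/home/jdoe:/bin/bash\n"
)

if __name__ == "__main__":
    for key, value in audit(SAMPLE_NSSWITCH, SAMPLE_PASSWD).items():
        print(f"{key}: {value}")
```

On a live host, `getent passwd <name>` shows what the configured lookup order actually returns for an account, which can be compared against this report.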



