Re: NIS (client) issues...
From: Moritz Franosch (mail_at_Franosch.org)
Date: 08/26/04
Date: Thu, 26 Aug 2004 17:40:15 +0200
"Howard J. Rogers" <hjr@dizwell.com> writes:
> (b) not one of the SuSE references or Google'd documents or How-To's
> mentioned the need to create user directories. For example,
> http://www.linux-nis.org/nis-howto/HOWTO/settingup_client.html
> mentions the requirement not once. And it is, presumably, the
> official word on the subject.
Please fix it by contacting the authors.
> But whatever. Can you just confirm: with a functioning NIS server in place,
> I have to log onto the client the first time as root, and create a set of
> home directories for any and all network-authenticated users that might use
> it at some point, in advance? Is that correct?
Yes.
> And, second, what do I do if there are 450 users set up on the NIS
> server, and any one of them might use the client machine from time
> to time? Sit there typing all day??!
As lremzgq@suvdms.com has already pointed out, NIS is normally
(exclusively?) used together with NFS mounted home
directories. Perhaps the documentation regarding NIS simply takes
that for granted. The "philosophy" of NIS is the following:
We have centralized NFS mounted home directories. Every time a new
user account is created, the user automatically has a home directory
on the client, but cannot log in because /etc/passwd does not list
the user. Thus, the administrator has to copy /etc/passwd to all
clients each time a new account is created. To avoid the extra work,
we simply distribute /etc/passwd over the net (you get it on the
client with 'ypcat passwd'). As we are on it, we distribute some other
configuration files network wide, too.
> Starting with the simplest of questions, I suppose: I take it I am
> not supposed to create user accounts on the client first, but that
> the ones already created on the Server should be all that are
> necessary. That is, after all, the entire point of NIS: centralised
> security, no?
Not only. It is "network wide distribution of configuration files".
An application can read the files by 'ypcat passwd' or the like. The
login process or whatever is responsible for authentication reads
'ypcat passwd', decides that the user is allowed to log in and either
starts a shell (man login) or a window manager (like kdm does).
The login process (not NIS) _could_ create a local home directory for
the user if no such directory exists, e.g. by executing useradd (man
useradd), _irrespective_ of whether the authentication information
is taken from /etc/passwd or from 'ypcat passwd'. I don't know why
this is not done, perhaps because 'useradd' has some options root may
want to control or perhaps because some 'users' in /etc/passwd
(e.g. sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false) have
nonstandard home directories or perhaps because there could be a
problem with NFS such that the standard /home/ is not available and
there could be security issues by creating a new one.
Moritz
-- Dipl.-Phys. Moritz Franosch http://www.askos.de
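
Added example, not part of the original message: one way to handle the 450-user case discussed above is to plan local home directories from the NIS passwd map (the text that 'ypcat passwd' prints), skipping system accounts and nonstandard home paths, and optionally refusing to create anything when the home base is not a mounted file system. The function names, the /home base, the UID threshold of 1000 and the sample lines are assumptions made for this example.

```python
import os
import re
from pathlib import PurePosixPath

# Constructed sample in passwd(5) format, standing in for `ypcat passwd` output.
SAMPLE = """\
alice:x:1001:100:Alice:/home/alice:/bin/bash
sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false
bob:x:1002:100:Bob:/home/bob:/bin/bash
mallory:x:1003:100:M:/home/../etc/cron.d:/bin/bash
truncated:x:1004
"""
LINE = re.compile(r"[^:]*:[^:]*:(\d+):(\d+):[^:]*:([^:]*):([^:]*)", re.ASCII)

def plan_homes(passwd_text, base="/home", min_uid=1000):
    """Return [(uid, gid, home)] for login accounts whose home is base/<name>."""
    plan = []
    for line in passwd_text.splitlines():
        m = LINE.fullmatch(line)
        if not m:
            continue  # malformed entry
        uid, gid, home, shell = int(m[1]), int(m[2]), m[3], m[4]
        if uid < min_uid or shell.endswith(("/false", "/nologin")):
            continue  # system accounts such as sshd keep their own directories
        p = PurePosixPath(home)
        # Accept only base/<name>; anything else (including "..") is left to root.
        if p.parent != PurePosixPath(base) or p.name in ("", ".", ".."):
            continue
        plan.append((uid, gid, str(p)))
    return plan

def create_homes(plan, base="/home", require_mount=False):
    """Create the missing directories in plan (needs root); return those created."""
    # With NFS homes, a base that is not mounted means NFS is down: stop here.
    if require_mount and not os.path.ismount(base):
        raise RuntimeError(f"{base} is not a mount point, refusing to create homes")
    created = []
    for uid, gid, home in plan:
        try:
            os.mkdir(home, 0o700)  # fails if a file, directory or symlink exists
        except FileExistsError:
            continue
        os.chown(home, uid, gid)
        created.append(home)
    return created

if __name__ == "__main__":
    print(plan_homes(SAMPLE))  # dry run: nothing is created
```

On a real client the input would be the captured output of 'ypcat passwd', and require_mount=True fits the NFS setup described in the message, while local home directories need it left off.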