Re: NIS (client) issues...

From: Howard J. Rogers (hjr_at_dizwell.com)
Date: 08/27/04

Next message: stanlin810: "Need Suse 8.2"
Previous message: Sojourner: "Re: 9.1 Linux64:Sound not working on SB Audigy 2Z"
In reply to: Moritz Franosch: "Re: NIS (client) issues..."
Next in thread: xrjsod_at_txxizw.com: "Re: NIS (client) issues..."
Reply: xrjsod_at_txxizw.com: "Re: NIS (client) issues..."
Reply: Juhan Leemet: "Re: NIS (client) issues..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Sat, 28 Aug 2004 06:51:57 +1000

Moritz Franosch wrote:

>
> "Howard J. Rogers" <hjr@dizwell.com> writes:
>
>> (b) not one of the SuSE references or Google'd documents or How-To's
>> mentioned the need to create user directories. For example,
>> http://www.linux-nis.org/nis-howto/HOWTO/settingup_client.html
>> mentions the requirement not once. And it is, presumably, the
>> official word on the subject.
>
> Please fix it by contacting the authors.
>
>> But whatever. Can you just confirm: with a functioning NIS server in
>> place, I have to log onto the client the first time as root, and create a
>> set of home directories for any and all network-authenticated users that
>> might use it at some point, in advance? Is that correct?
>
> Yes.
>
>> And, second, what do I do if there are 450 users set up on the NIS
>> server, and any one of them might use the client machine from time
>> to time? Sit there typing all day??!
>
> As lremzgq@suvdms.com has already pointed out, NIS is normally
> (exclusively?) used together with NFS mounted home
> directories. Perhaps the documentations reagarding NIS simply take
> that for granted. The "philosophy" of NIS is the following:
>
> We have centralized NFS mounted home directories. Every time a new
> user account is created, the user automatically has a home directory
> on the client, but can not login because /etc/password does not list
> the user. Thus, the administator has to copy /etc/password to all
> clients each time a new account is created. To avoid the extra work,
> we simply distribute /etc/password over the net (you get it on the
> client with 'ypcat passwd'). As we are on it, we distribute some other
> configuration files network wide, too.
>
>> Starting with the simplest of questions, I suppose: I take it I am
>> not supposed to create user accounts on the client first, but that
>> the ones already created on the Server should be all that are
>> necessary. That is, after all, the entire point of NIS: centralised
>> security, no?
>
> Not only. It is "network wide distribution of configuration files".
>
> An application can read the files by 'ypcat passwd' or alike. The
> login process or whatever is responsible for authentification reads
> 'ypcat passwd', decides that the user is allowed to login and either
> starts a shell (man login) or a window manager (like kdm does).
>
> The login process (not NIS) _could_ create a local home directory for
> the user if no such directory exists, e.g. by executing useradd (man
> useradd), _irrespective_ of whether the authentification information
> is taken from /etc/passwd or from 'ypcat passwd'. I don't know why
> this is not done, perhaps because 'useradd' has some options root may
> want to control or perhaps because some 'users' in /etc/passwd
> (e.g. sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false) have
> nonstandard home directories or perhaps because there could be a
> problem with NFS such that the standard /home/ is not available and
> there could be security issues by creating a new one.
>
> Moritz

Thank you for taking the time to put all of that into words. The philosophy
of NIS is entirely new to me, and you have set me straight about it rather
comprehensively, which is much appreciated.

Is NIS really much used these days, then? Or has everyone moved onto LDAP?
The documentation on the subject seems pretty poor, and makes a lot of
assumptions. That I could live with, because documentation for many things
in life is not always what it should be. But I also noticed a distinct lack
of Google activity on the subject, suggesting maybe that it's not something
a lot of people do all the time.

Anyway: thanks to you & everyone else who replied.

Regards
HJR

Next message: stanlin810: "Need Suse 8.2"
Previous message: Sojourner: "Re: 9.1 Linux64:Sound not working on SB Audigy 2Z"
In reply to: Moritz Franosch: "Re: NIS (client) issues..."
Next in thread: xrjsod_at_txxizw.com: "Re: NIS (client) issues..."
Reply: xrjsod_at_txxizw.com: "Re: NIS (client) issues..."
Reply: Juhan Leemet: "Re: NIS (client) issues..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages

Re: NIS (client) issues...
... and any one of them might use the client machine from time ... Perhaps the documentations reagarding NIS simply take ... We have centralized NFS mounted home directories. ... but can not login because /etc/password does not list ...
(alt.os.linux.suse)
Re: NIS, Automounter and NFS
... Suppose you want both nfs and local mounts for some home directories on ... On the NIS client: ... passwd: files nis ...
(comp.os.linux.networking)
NIS configure
... Kindly explain how can I get the home directories in client side. ...
(RedHat)
Re: Permission problems with NIS, NFS or Automount
... rogue /etc/passwd entries on the NFS box causing problems for you. ... netgroup steps below to reinstate the users via NIS. ... re-created a NIS domain and automounting of users home directories when they ...
(comp.unix.solaris)
Re: NIS Account issues/
... There has never been any such map in a standard NIS ... As things stand I have 99% of my desired functionality with NIS working ... fine on both the NIS Server and Client machines. ...
(comp.os.linux.networking)