Centralized logins with NIS
Eric Stolten
Tim Meade
Mark Sidnam
NIS
● Purpose of NIS
– This enables centralized user logins across networks.
– The centralized database allows users to log in and change passwords in one location and have the changes reflected across all involved systems.
NIS
● Background Information
– NIS was originally developed by Sun Microsystems under the name Yellow Pages. However, we are not allowed to use that trademarked name.
NIS vs. NIS+
● NIS+ was supposed to be a more secure replacement for NIS, providing security and easy implementation over large area networks.
● It is important to note that NIS+ is not the same project as NIS. It is a newer version released by Sun Microsystems.
NIS vs. NIS+
● NIS+ increases security by using additional authentication methods.
● We chose to use NIS over NIS+ because of the small network size and stability.
NIS Server Configuration
● Necessary configuration.
– #/etc/sysconfig/network
  NISDOMAIN="lab2.research.cs.uofs.edu"
– #/etc/yp.conf --This is the ypbind conf file
  ypserver 127.0.0.1
NIS Server Configuration
● Necessary running daemons
– portmap – An RPC daemon.
– yppasswdd – Allows NIS clients to change their passwords.
– ypserv – The main NIS server.
– ypbind – The main NIS client.
– ypxfrd – Speeds up password database transfers.
Check for running Daemons
● It is helpful to check that our processes are running with rpcinfo -p localhost.
– Output should produce something like

  [root@bigboy tmp]# rpcinfo -p localhost
     program vers proto   port
      100000    2   tcp    111  portmapper
      100000    2   udp    111  portmapper
      100009    1   udp    681  yppasswdd
      100004    2   udp    698  ypserv
      100004    1   udp    698  ypserv
      100004    2   tcp    701  ypserv
      100004    1   tcp    701  ypserv
Initializing the NIS Domain
● To build our database, we must run the command /usr/lib/yp/ypinit -m
● This verifies the NIS domain name and generates password databases according to the entries in /etc/passwd
● We must rebuild the databases each time a user is added to the system.
Adding More Users
● After the initialization you need to run:
– useradd <username>
● Then run
– passwd <username>
● You can verify this by typing
– ypmatch <nisusername> passwd
  (passwd here is the name of the NIS map)
● It will display the user name with an encrypted password.
Configuration of the Client
● The authconfig program configures the NIS files after prompting for the IP and domain of the NIS server
● Once finished it will create the file
– /etc/yp.conf
● It also adds the NIS domain to the file:
– /etc/sysconfig/network
● This line: +:*::::: had to be added to the /etc/passwd file to direct it to the server.
Running the Client
● Daemons that need to run Client Side
– ypbind
– portmapper
– yppasswdd
● To ensure that the services start at the next reboot you need to run:
– chkconfig <NISSERVICE> on
Problems
● An incorrect configuration in the
– /var/yp/securenets
● prevented us from originally connecting from any computer other than lab2
Problems
● Packages were missing
– Ran the Red Hat package manager and added the packages
● Firewall was running by default, which prevented connections to the server from some clients.
– Disabled the firewall
– Applications/system settings/security settings
Security Issues
● restricting the server to static IP address removes some fear of hackers
● hacks/cracks included:
– running ypcat and cracking the passwd file
– obtaining passwd map with ypx
  ● guesses domain name to look like a box on the network
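
An added example, not part of the original slides: a small Python check for /var/yp/securenets, the file behind both the lab2-only connection problem and the advice above about restricting who may reach the server. It assumes the ypserv format of one "<netmask> <network>" pair or "host <ip>" per line; the sample file, its addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of /var/yp/securenets; addresses and helper names are made up.
SAMPLE = """\
host 127.0.0.1               # same as 255.255.255.255 127.0.0.1
255.255.255.0 192.168.1.0    # the lab subnet
255.255.255.0 192.168.2.7    # mistake: host bits set in the network
0.0.0.0 0.0.0.0              # "quick fix" that admits every host
"""

def parse_securenets(text):
    """Return (rules, errors): rules are (lineno, IPv4Network) pairs."""
    rules, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            if len(fields) != 2:
                raise ValueError("expected '<netmask> <network>' or 'host <ip>'")
            mask = "255.255.255.255" if fields[0] == "host" else fields[0]
            net = ipaddress.IPv4Network(f"{fields[1]}/{mask}")  # strict parse
            if net.netmask != ipaddress.IPv4Address(mask):
                raise ValueError("netmask is not contiguous")
            rules.append((lineno, net))
        except ValueError as exc:
            errors.append((lineno, str(exc)))
    return rules, errors

def is_allowed(rules, client_ip):
    """True if any rule's network contains client_ip."""
    ip = ipaddress.IPv4Address(client_ip)
    return any(ip in net for _, net in rules)

def findings(rules):
    """Return review notes for rules that are too open or too tight."""
    notes = [f"line {n}: {net} admits any host, so any host can query the maps"
             for n, net in rules if net.prefixlen == 0]
    if rules and all(net.subnet_of(ipaddress.IPv4Network("127.0.0.0/8"))
                     for _, net in rules):
        notes.append("only loopback is listed: remote clients cannot bind")
    return notes

if __name__ == "__main__":
    rules, errors = parse_securenets(SAMPLE)
    for lineno, msg in errors:
        print(f"line {lineno}: ignored ({msg})")
    print("\n".join(findings(rules)))
    print("192.168.1.20 allowed:", is_allowed(rules, "192.168.1.20"))
```

Run against a copy of the server's own file, a clean result is an empty error list, no findings, and is_allowed() returning True only for the lab's client addresses.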
Resources
● www.linuxhomenetworking.com
● www.eng.aunurn.edu