User Management Using NIS


If your FreeBSD machine is on a corporate or university network with centralized user management, it's likely that there is a NIS (Network Information Service) server available that you can use. This service (also known as YP, or Yellow Pages) provides user and group information to any subscribed machine, allowing all UNIX users throughout the network to be registered and managed on a single central server.

Note

In many modern networks, LDAP and Active Directory are replacing NIS as the standard method for centralized user management. It's possible, though not particularly straightforward, to join a FreeBSD machine to an Active Directory network using the Samba package; see http://web.irtnog.org/howtos-orig/freebsd-winbind/view for the necessary procedure.


You might want to add users to your FreeBSD system in such a way that they can log in using their established NIS usernames and passwords, rather than making them use local accounts on your system with separately managed passwords and user information. To do this, you first must register your machine as a client of the NIS server by adding the following two lines to your /etc/rc.conf file, using your own network's domain name in the nisdomainname variable:

nisdomainname="example.com"
nis_client_enable="YES"


Then either restart the computer, or start the NIS domain client manually with the following command:

# /etc/rc.d/nisdomain start
Setting NIS domain: example.com.


Check to see that your system found a NIS server using the ypwhich command:

# ypwhich
olympus.example.com


If ypwhich returned the correct name of your network's NIS server, you're ready to start adding NIS users.

Edit /etc/master.passwd in your favorite text editor, and add a line for each NIS user with a + sign in front of the username and all of the fields blank except for the last two:

+fred::::::::/home/fred:/bin/csh


Save the file and run pwd_mkdb -p /etc/master.passwd to rebuild the hash databases. Now use finger to verify that the user has been added properly:

# finger fred
Login: fred                                Name: Fred Hudson
Directory: /home/fred                      Shell: /bin/csh
Never logged in.
No Mail.
No Plan.


If finger returns the correct user information, the newly added user should be able to log in to your FreeBSD system using his NIS username and password. The UID and GID of the user are inherited from the NIS server, and all files created by the user are owned by that UID/GID combination, rather than by any IDs under the local system's numbering scheme.
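Because each + line decides which NIS accounts this machine admits, it is worth listing those entries and checking their field counts whenever master.passwd is edited. The following sh/awk script is an added example, not from the book; the function names nis_entries and sample_master_passwd and the sample lines are constructed for illustration, and it also classifies the +@netgroup and bare + (all NIS users) forms, which go beyond the per-user form shown above.

```sh
#!/bin/sh
# Added example (not from the book): list the NIS "+" entries in a
# master.passwd-format file and show which fields are filled in locally.
# Fields: name:password:uid:gid:class:change:expire:gecos:home:shell

# Constructed sample input; the +barney line is deliberately two colons short.
sample_master_passwd() {
    cat <<'EOF'
# constructed sample, not a real password file
root:*:0:0::0:0:Charlie &:/root:/bin/csh
+fred::::::::/home/fred:/bin/csh
+@staff:::::::::/usr/sbin/nologin
+barney::::::/home/barney:/bin/csh
+:::::::::
EOF
}

# Reads the named file(s), or standard input when no file is given.
nis_entries() {
    awk -F: '
        BEGIN { split("name password uid gid class change expire gecos home shell", fname, " ") }
        substr($1, 1, 1) != "+" { next }       # local accounts, comments, blank lines
        NF != 10 {                             # wrong number of colons
            printf "%s MALFORMED fields=%d\n", $1, NF
            next
        }
        {
            if ($1 == "+")                     kind = "ALL-USERS"  # every user in the NIS map
            else if (substr($1, 1, 2) == "+@") kind = "NETGROUP"
            else                               kind = "USER"
            loc = ""
            for (i = 2; i <= 10; i++)
                if ($i != "") loc = loc (loc == "" ? "" : ",") fname[i]
            printf "%s %s local=%s\n", $1, kind, (loc == "" ? "none" : loc)
        }
    ' "$@"
}

sample_master_passwd | nis_entries
```

On a live system, call nis_entries /etc/master.passwd as root; any ALL-USERS or NETGROUP line admits more accounts than the single-user entries described here.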

Tip

If a NIS user tries to change his password using the passwd command on the FreeBSD machine, it will transmit the changed password back into the NIS system so that it's updated at the central server.


Removing a NIS user follows the same procedure as removing a regular user: you use the rmuser command, and specify the user's regular username, without the + sign indicating that it's a NIS account:

# rmuser fred
Matching password entry:
fred:*:20441:101::0:0:Fred Hudson:/home/fred:/bin/csh
Is this the entry you wish to remove? y
Remove user's home directory (/home/fred)? y
Removing user (fred): mailspool home passwd.


Note that the matching password entry is the one inherited from the NIS server, not the dummy one from your own master.passwd file. The user is now no longer part of your system, but he's still registered in the central NIS database.




FreeBSD 6 Unleashed
ISBN: 0672328755
EAN: 2147483647
Year: 2006
Pages: 355
Authors: Brian Tiemann
