The order in which different services are consulted when searching for information are listed in the /etc/nsswitch.conf file. The following line in this file shows that the /etc/passwd file should be consulted first when searching for a user name , and if the search is not successful, then to go to the NIS server.
passwd: files nis
When using this method, every user name in the NIS maps is tried. To restrict a user name search to the /etc/passwd file and only to selected users in the NIS database, change the above line to:
passwd: compat
After that, you have to add escape entries in the /etc/passwd file for those NIS users to whom you want to grant access on a particular NIS client machine. The resulting /etc/passwd file that grants access to all locally defined users in addition to the two NIS users boota and gamma is shown here.
root:BCRwpNgfFq3Zc:0:3::/:/sbin/sh daemon:*:1:5::/:/sbin/sh bin:*:2:2::/usr/bin:/sbin/sh sys:*:3:3::/: adm:*:4:4::/var/adm:/sbin/sh uucp:*:5:3::/var/spool/uucppublic:/usr/lbin/uucp/uucico lp:*:9:7::/var/spool/lp:/sbin/sh nuucp:*:11:11::/var/spool/uucppublic:/usr/lbin/uucp/uucico hpdb:*:27:1:ALLBASE:/:/sbin/sh nobody:*:-2:-2::/: www:*:30:1::/: +boota +gamma
The plus ( + ) symbol shows that these are NIS users. You can add different user names on different NIS clients for granting selective access. Similar processes can be repeated with the /etc/ group file.
To grant selected user access on an NIS server, additional steps are needed as compared to an NIS client. First of all, you should not use the /etc/passwd file for creating NIS maps. Create a separate password file for this purpose. For example, if you use the /etc/passwd.nis file for creating NIS maps, follow these two steps.
Change the YPPASSWDD_OPTIONS variable in the /etc/rc.config.d/namesvrs file by replacing /etc/passwd with /etc/passwd.nis . This tells the rpc.yppasswdd daemon to make password changes to this file instead of to the /etc/passwd file when a user changes a password on an NIS client.
Edit the /var/yp/ypmake file and replace /etc/passwd with /etc/passwd.nis . This causes the /etc/passwd.nis file to be used when creating NIS maps instead of /etc/passwd .
After carrying out these two steps, you should regenerate the NIS maps and propagate them to slave servers. All other steps are the same as with NIS slave servers.
Top |