32.4 Controlling Access

   

The order in which different services are consulted when searching for information is listed in the /etc/nsswitch.conf file. The following line in this file shows that the /etc/passwd file should be consulted first when searching for a user name, and that the NIS server is consulted if that search is not successful.

 passwd:       files nis 

When using this method, every user name in the NIS maps is tried. To restrict a user name search to the /etc/passwd file and only to selected users in the NIS database, change the above line to:

 passwd:       compat 

After that, you have to add escape entries in the /etc/passwd file for those NIS users to whom you want to grant access on a particular NIS client machine. The resulting /etc/passwd file that grants access to all locally defined users in addition to the two NIS users boota and gamma is shown here.

 root:BCRwpNgfFq3Zc:0:3::/:/sbin/sh
 daemon:*:1:5::/:/sbin/sh
 bin:*:2:2::/usr/bin:/sbin/sh
 sys:*:3:3::/:
 adm:*:4:4::/var/adm:/sbin/sh
 uucp:*:5:3::/var/spool/uucppublic:/usr/lbin/uucp/uucico
 lp:*:9:7::/var/spool/lp:/sbin/sh
 nuucp:*:11:11::/var/spool/uucppublic:/usr/lbin/uucp/uucico
 hpdb:*:27:1:ALLBASE:/:/sbin/sh
 nobody:*:-2:-2::/:
 www:*:30:1::/:
 +boota
 +gamma

The plus (+) symbol shows that these are NIS users. You can add different user names on different NIS clients to grant selective access. A similar process can be repeated with the /etc/group file.
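
As an added example (not from the book), this shell audit reports which NIS accounts a client's passwd file admits under compat mode. It goes beyond the two +user entries shown above by also classifying -user, +@netgroup and a bare + line, which in compat mode admits every user in the NIS maps; the function names are hypothetical and the sample files are constructed.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Print the sources listed for the passwd database, e.g. "compat" or "files nis".
passwd_sources() {
    awk '$1 == "passwd:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Classify each escape entry (a line starting with + or -) in a passwd-format file.
escape_entries() {
    awk -F: '/^[+-]/ {
        verb = (substr($1, 1, 1) == "+") ? "allow" : "deny"
        name = substr($1, 2)
        if (name == "")       { kind = "all-nis-users"; name = "*" }
        else if (name ~ /^@/) { kind = "netgroup"; name = substr(name, 2) }
        else                  { kind = "user" }
        print verb, kind, name
    }' "$1"
}

# Returns 0 if lookups are restricted, 1 if compat mode is off,
# 2 if a bare "+" entry re-admits every user in the NIS maps.
audit_nis_access() {
    src=$(passwd_sources "$1")
    echo "passwd sources: $src"
    case " $src " in
        *" compat "*) ;;
        *) echo "WARN: compat mode is off; + entries do not restrict NIS users"
           return 1 ;;
    esac
    entries=$(escape_entries "$2")
    [ -n "$entries" ] && echo "$entries"
    case "$entries" in
        *"allow all-nis-users"*)
            echo "WARN: bare + entry admits every user in the NIS maps"
            return 2 ;;
    esac
    return 0
}

# Demo on constructed files modelled on the listing above.
tmp=${TMPDIR:-/tmp}/nisaudit.$$
mkdir "$tmp"
printf 'passwd:       compat\n' > "$tmp/nsswitch.conf"
printf '%s\n' 'root:*:0:3::/:/sbin/sh' 'www:*:30:1::/:' '+boota' '+gamma' > "$tmp/passwd"
audit_nis_access "$tmp/nsswitch.conf" "$tmp/passwd"
rm -rf "$tmp"
```

Run it against copies of the client's own /etc/nsswitch.conf and /etc/passwd; a non-zero return means the selective-access restriction is not in effect.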

To grant access to selected users on an NIS server, additional steps are needed compared to an NIS client. First of all, you should not use the /etc/passwd file for creating NIS maps. Create a separate password file for this purpose. For example, if you use the /etc/passwd.nis file for creating NIS maps, follow these two steps.

  1. Change the YPPASSWDD_OPTIONS variable in the /etc/rc.config.d/namesvrs file by replacing /etc/passwd with /etc/passwd.nis. This tells the rpc.yppasswdd daemon to make password changes to this file instead of to the /etc/passwd file when a user changes a password on an NIS client.

  2. Edit the /var/yp/ypmake file and replace /etc/passwd with /etc/passwd.nis. This causes the /etc/passwd.nis file to be used when creating NIS maps instead of /etc/passwd.

After carrying out these two steps, you should regenerate the NIS maps and propagate them to slave servers. All other steps are the same as with NIS slave servers.


   


HP Certified
HP Certified: HP-UX System Administration
ISBN: 0130183741
EAN: 2147483647
Year: 2000
Pages: 390
Authors: Rafeeq Rehman
