Download
centralized logins with nis n.
Skip this Video
Loading SlideShow in 5 Seconds..
Centralized logins with NIS PowerPoint Presentation
Download Presentation
Centralized logins with NIS

Centralized logins with NIS

117 Vues Download Presentation
Télécharger la présentation

Centralized logins with NIS

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Centralized logins with NIS Eric Stolten Tim Meade Mark Sidnam

  2. NIS • Purpose of NIS • This enables centralized user logins across networks. • The centralized database allows users to login and change passwords in one location and have the changes reflected across all involved systems.

  3. NIS • Background Information • NIS was originally developed by Sun Microsystems under the name Yellow Pages. However, we are not allowed to use that trademarked name.

  4. NIS vs. NIS+ • NIS+ was supposed to be a more secure replacement to NIS providing security and easy implementation over large area networks. • It is important to note that NIS+ is not the same project as NIS. It is a newer version released by Sun Microsystems.

  5. NIS vs. NIS+ • NIS+ increases security by using additional authentication methods. • We chose to use NIS over NIS+ because of the small network size and stability.

  6. NIS Server Configuration • Necessary configuration. • #/etc/sysconfig/networkNISDOMAIN=”lab2.research.cs.uofs.edu” • #/etc/yp.conf --This is the ypbind conf fileypserver 127.0.0.1

  7. NIS Server Configuration • Necessary running daemons • portmap – An RPC daemon. • yppasswd – allows NIS clients to change their passwords • ypserv -- The main NIS server • ypbind – The main NIS client • ypxfrd – Speeds up password database transfers.

  8. Check for running Daemons • It is helpful to check that our processes are running with rpcinfo -p localhost. • Output should produce something like[root@bigboy tmp]# rpcinfo -p localhost program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100009 1 udp 681 yppasswdd 100004 2 udp 698 ypserv 100004 1 udp 698 ypserv 100004 2 tcp 701 ypserv 100004 1 tcp 701 ypserv

  9. Initializing the NIS Domain • To build our database, we must run the command /usr/lib/yp/ypinit -m • This verifies the NIS domain name and generates password databases according to the entries in /etc/passwd • We must rebuild the databases each time a user is added to the system.

  10. Adding More Users • After the initialization you need to run: • useradd <username> • Then run • passwd <username> • You can verify this by typing • ypmatch <nisusername> <passwd> • It will display the user name with an encrypted password.

  11. Configuration of the Client • The authconfig program configures the NIS files after prompting for the IP and domain of the NIS server • Once finished it will create the file • /etc/yp.conf • It also adds the NIS domain to the file: • /etc/sysconfig/network • This line: +:*::::: had to be added to the /etc/passwd file to direct it to the server.

  12. Running the Client • Daemons that need to run Client Side • ypbind • portmapper • yppasswdd • To ensure that the services start the next reboot you need to run: • chkconfig <NISSERVICE> on

  13. Problems • An incorrect configuration in the • /var/yp/securenets • prevented us from originally connecting from any computer other than lab2

  14. Problems • Packages were missing • Ran the Red hat package manager and added the packages • Firewall was running by default which prevented connections to the server from some clients. • Disabled the firewall • Applications/system settings/security settings

  15. Security Issues • restricting the server to static IP address removes some fear of hackers • hacks/cracks included: • running ypcat and cracking the passwd file • obtaining passwd map with ypx • guesses domain name to look like a box on the network

  16. Resources • www.linuxhomenetworking.com • www.eng.aunurn.edu