Download presentation
Presentation is loading. Please wait.
Published byHelen Cole Modified over 9 years ago
1
Centralized logins with NIS Eric Stolten Tim Meade Mark Sidnam
2
NIS ● Purpose of NIS – This enables centralized user logins across networks. – The centralized database allows users to login and change passwords in one location and have the changes reflected across all involved systems.
3
NIS ● Background Information – NIS was originally developed by Sun Microsystems under the name Yellow Pages. However, we are not allowed to use that trademarked name.
4
NIS vs. NIS+ ● NIS+ was supposed to be a more secure replacement to NIS providing security and easy implementation over large area networks. ● It is important to note that NIS+ is not the same project as NIS. It is a newer version released by Sun Microsystems.
5
NIS vs. NIS+ ● NIS+ increases security by using additional authentication methods. ● We chose to use NIS over NIS+ because of the small network size and stability.
6
NIS Server Configuration ● Necessary configuration. – #/etc/sysconfig/network NISDOMAIN=”lab2.research.cs.uofs.edu” – #/etc/yp.conf --This is the ypbind conf file ypserver 127.0.0.1
7
NIS Server Configuration ● Necessary running daemons – portmap – An RPC daemon. – yppasswd – allows NIS clients to change their passwords – ypserv -- The main NIS server – ypbind – The main NIS client – ypxfrd – Speeds up password database transfers.
8
Check for running Daemons ● It is helpful to check that our processes are running with rpcinfo -p localhost. – Output should produce something like [root@bigboy tmp]# rpcinfo -p localhost program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100009 1 udp 681 yppasswdd 100004 2 udp 698 ypserv 100004 1 udp 698 ypserv 100004 2 tcp 701 ypserv 100004 1 tcp 701 ypserv
9
Initializing the NIS Domain ● To build our database, we must run the command /usr/lib/yp/ypinit -m ● This verifies the NIS domain name and generates password databases according to the entries in /etc/passwd ● We must rebuild the databases each time a user is added to the system.
10
Adding More Users ● After the initialization you need to run: – useradd ● Then run – passwd ● You can verify this by typing – ypmatch ● It will display the user name with an encrypted password.
11
Configuration of the Client ● The authconfig program configures the NIS files after prompting for the IP and domain of the NIS server ● Once finished it will create the file – /etc/yp.conf ● It also adds the NIS domain to the file: – /etc/sysconfig/network ● This line: +:*::::: had to be added to the /etc/passwd file to direct it to the server.
12
Running the Client ● Daemons that need to run Client Side – ypbind – portmapper – yppasswdd ● To ensure that the services start the next reboot you need to run: – chkconfig on
13
Problems ● An incorrect configuration in the – /var/yp/securenets ● prevented us from originally connecting from any computer other than lab2
14
Problems ● Packages were missing – Ran the Red hat package manager and added the packages ● Firewall was running by default which prevented connections to the server from some clients. – Disabled the firewall – Applications/system settings/security settings
15
Security Issues ● restricting the server to static IP address removes some fear of hackers ● hacks/cracks included: – running ypcat and cracking the passwd file – obtaining passwd map with ypx ● guesses domain name to look like a box on the network
16
Resources ● www.linuxhomenetworking.com www.linuxhomenetworking.com ● www.eng.aunurn.edu
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.