1 / 16

Centralized logins with NIS

Centralized logins with NIS. Eric Stolten Tim Meade Mark Sidnam. NIS. Purpose of NIS This enables centralized user logins across networks. The centralized database allows users to login and change passwords in one location and have the changes reflected across all involved systems. NIS.

rupali
Download Presentation

Centralized logins with NIS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Centralized logins with NIS Eric Stolten Tim Meade Mark Sidnam

  2. NIS • Purpose of NIS • This enables centralized user logins across networks. • The centralized database allows users to login and change passwords in one location and have the changes reflected across all involved systems.

  3. NIS • Background Information • NIS was originally developed by Sun Microsystems under the name Yellow Pages. However, we are not allowed to use that trademarked name.

  4. NIS vs. NIS+ • NIS+ was supposed to be a more secure replacement to NIS providing security and easy implementation over large area networks. • It is important to note that NIS+ is not the same project as NIS. It is a newer version released by Sun Microsystems.

  5. NIS vs. NIS+ • NIS+ increases security by using additional authentication methods. • We chose to use NIS over NIS+ because of the small network size and stability.

  6. NIS Server Configuration • Necessary configuration. • #/etc/sysconfig/networkNISDOMAIN=”lab2.research.cs.uofs.edu” • #/etc/yp.conf --This is the ypbind conf fileypserver 127.0.0.1

  7. NIS Server Configuration • Necessary running daemons • portmap – An RPC daemon. • yppasswd – allows NIS clients to change their passwords • ypserv -- The main NIS server • ypbind – The main NIS client • ypxfrd – Speeds up password database transfers.

  8. Check for running Daemons • It is helpful to check that our processes are running with rpcinfo -p localhost. • Output should produce something like[root@bigboy tmp]# rpcinfo -p localhost program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100009 1 udp 681 yppasswdd 100004 2 udp 698 ypserv 100004 1 udp 698 ypserv 100004 2 tcp 701 ypserv 100004 1 tcp 701 ypserv

  9. Initializing the NIS Domain • To build our database, we must run the command /usr/lib/yp/ypinit -m • This verifies the NIS domain name and generates password databases according to the entries in /etc/passwd • We must rebuild the databases each time a user is added to the system.

  10. Adding More Users • After the initialization you need to run: • useradd <username> • Then run • passwd <username> • You can verify this by typing • ypmatch <nisusername> <passwd> • It will display the user name with an encrypted password.

  11. Configuration of the Client • The authconfig program configures the NIS files after prompting for the IP and domain of the NIS server • Once finished it will create the file • /etc/yp.conf • It also adds the NIS domain to the file: • /etc/sysconfig/network • This line: +:*::::: had to be added to the /etc/passwd file to direct it to the server.

  12. Running the Client • Daemons that need to run Client Side • ypbind • portmapper • yppasswdd • To ensure that the services start the next reboot you need to run: • chkconfig <NISSERVICE> on

  13. Problems • An incorrect configuration in the • /var/yp/securenets • prevented us from originally connecting from any computer other than lab2

  14. Problems • Packages were missing • Ran the Red hat package manager and added the packages • Firewall was running by default which prevented connections to the server from some clients. • Disabled the firewall • Applications/system settings/security settings

  15. Security Issues • restricting the server to static IP address removes some fear of hackers • hacks/cracks included: • running ypcat and cracking the passwd file • obtaining passwd map with ypx • guesses domain name to look like a box on the network

  16. Resources • www.linuxhomenetworking.com • www.eng.aunurn.edu

More Related