Centralized logins with NIS
Eric Stolten, Tim Meade, Mark Sidnam
NIS
• Purpose of NIS
• This enables centralized user logins across networks.
• The centralized database allows users to log in and change passwords in one location and have the changes reflected across all involved systems.
NIS
• Background Information
• NIS was originally developed by Sun Microsystems under the name Yellow Pages. However, we are not allowed to use that trademarked name.
NIS vs. NIS+
• NIS+ was supposed to be a more secure replacement for NIS, providing security and easy implementation over large area networks.
• It is important to note that NIS+ is not the same project as NIS. It is a newer version released by Sun Microsystems.
NIS vs. NIS+
• NIS+ increases security by using additional authentication methods.
• We chose to use NIS over NIS+ because of the small network size and stability.
NIS Server Configuration
• Necessary configuration.
• # /etc/sysconfig/network
  NISDOMAIN="lab2.research.cs.uofs.edu"
• # /etc/yp.conf -- This is the ypbind conf file
  ypserver 127.0.0.1
NIS Server Configuration
• Necessary running daemons
• portmap – An RPC daemon.
• yppasswdd – Allows NIS clients to change their passwords.
• ypserv – The main NIS server.
• ypbind – The main NIS client.
• ypxfrd – Speeds up password database transfers.
Check for running Daemons
• It is helpful to check that our processes are running with rpcinfo -p localhost.
• Output should look something like:
    [root@bigboy tmp]# rpcinfo -p localhost
       program vers proto   port
        100000    2   tcp    111  portmapper
        100000    2   udp    111  portmapper
        100009    1   udp    681  yppasswdd
        100004    2   udp    698  ypserv
        100004    1   udp    698  ypserv
        100004    2   tcp    701  ypserv
        100004    1   tcp    701  ypserv
Initializing the NIS Domain
• To build our database, we must run the command /usr/lib/yp/ypinit -m
• This verifies the NIS domain name and generates password databases according to the entries in /etc/passwd.
• We must rebuild the databases each time a user is added to the system.
Adding More Users
• After the initialization you need to run:
• useradd <username>
• Then run:
• passwd <username>
• You can verify this by typing:
• ypmatch <nisusername> passwd
• It will display the user name with an encrypted password.
Configuration of the Client
• The authconfig program configures the NIS files after prompting for the IP and domain of the NIS server.
• Once finished, it will create the file:
• /etc/yp.conf
• It also adds the NIS domain to the file:
• /etc/sysconfig/network
• This line: +:*::::: had to be added to the /etc/passwd file to direct it to the server.
Running the Client
• Daemons that need to run client side:
• ypbind
• portmapper
• yppasswdd
• To ensure that the services start on the next reboot you need to run:
• chkconfig <NISSERVICE> on
Problems
• An incorrect configuration in /var/yp/securenets originally prevented us from connecting from any computer other than lab2.
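An added example, not part of the original slides: a small Python check that parses securenets-style text ("<netmask> <network>" lines, or "host <ip>") and reports whether a given client address would be admitted, which is the kind of misconfiguration described above. The 192.168.1.x addresses and both sample files are constructed, and the helper names are hypothetical.

```python
import ipaddress

# Constructed samples in securenets format: "<netmask> <network>" or "host <ip>".
# 192.168.1.0/24 stands in for the lab network (assumption, not from the slides).
BROKEN = """\
# only the NIS server itself is listed
host 127.0.0.1
255.255.255.255 192.168.1.10
"""
FIXED = BROKEN + "255.255.255.0 192.168.1.0\n"

def parse_securenets(text):
    """Return [(line_number, IPv4Network)]; raise ValueError on a bad line."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected two fields, got {raw!r}")
        mask, net = fields
        if mask == "host":  # "host a.b.c.d" is shorthand for a /32 entry
            mask = "255.255.255.255"
        try:
            # strict=True also rejects a network address with host bits set,
            # which this checker treats as a likely typo.
            rules.append((lineno, ipaddress.IPv4Network(f"{net}/{mask}", strict=True)))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
    return rules

def is_allowed(client_ip, rules):
    """True if any rule's network contains the client address."""
    addr = ipaddress.IPv4Address(client_ip)
    return any(addr in net for _, net in rules)

def wide_rules(rules, min_prefix=16):
    """Rules broader than /min_prefix, e.g. "0.0.0.0 0.0.0.0" (everyone)."""
    return [(n, str(net)) for n, net in rules if net.prefixlen < min_prefix]

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        rules = parse_securenets(text)
        print(name, "client 192.168.1.21 allowed:", is_allowed("192.168.1.21", rules))
        print(name, "wide rules:", wide_rules(rules))
```

Running the check against the real file before restarting ypserv shows both failure directions: a client subnet that was left out, and an entry so broad that the access list no longer restricts anything.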
Problems
• Packages were missing.
• Ran the Red Hat package manager and added the packages.
• The firewall was running by default, which prevented connections to the server from some clients.
• Disabled the firewall.
• Applications/system settings/security settings
Security Issues
• Restricting the server to static IP addresses removes some fear of hackers.
• Hacks/cracks included:
• running ypcat and cracking the passwd file
• obtaining the passwd map with ypx
• guessing the domain name in order to look like a box on the network
Resources • www.linuxhomenetworking.com • www.eng.aunurn.edu