forked from Lainports/freebsd-ports
1248 lines
36 KiB
Text
1248 lines
36 KiB
Text
--- NIS-HOWTO.sgml.orig Wed Dec 25 09:56:09 2002
|
|
+++ NIS-HOWTO.sgml Wed Dec 25 10:53:26 2002
|
|
@@ -4,9 +4,10 @@
|
|
|
|
<ArtHeader>
|
|
|
|
-<Title>The Linux NIS(YP)/NYS/NIS+ HOWTO</Title>
|
|
+<Title>The FreeBSD NIS(YP)/NYS/NIS+ HOWTO</Title>
|
|
<AUTHOR
|
|
>
|
|
+Linux version by
|
|
<FirstName>Thorsten Kukuk</FirstName>
|
|
</AUTHOR
|
|
>
|
|
@@ -17,9 +18,8 @@
|
|
<Para>
|
|
<IndexTerm><Primary>HOWTOs!NIS</Primary></IndexTerm>
|
|
<IndexTerm><Primary>HOWTOs!YP</Primary></IndexTerm>
|
|
-<IndexTerm><Primary>HOWTOs!NYS</Primary></IndexTerm>
|
|
<IndexTerm><Primary>HOWTOs!NIS+</Primary></IndexTerm>
|
|
-This document describes how to configure Linux as NIS(YP) or NIS+ client
|
|
+This document describes how to configure FreeBSD as NIS(YP) client
|
|
and how to install as NIS server.
|
|
</Para>
|
|
|
|
@@ -30,22 +30,21 @@
|
|
<Title>Introduction</Title>
|
|
|
|
<Para>
|
|
-More and more, Linux machines are installed as part of a network of
|
|
+More and more, FreeBSD machines are installed as part of a network of
|
|
computers. To simplify network administration, most networks (mostly
|
|
-Sun-based networks) run the Network Information Service. Linux machines
|
|
+Sun-based networks) run the Network Information Service. FreeBSD machines
|
|
can take full advantage of existing NIS service or provide NIS service
|
|
-themselves. Linux machines can also act as full NIS+ clients, this
|
|
-support is in beta stage.
|
|
+themselves.
|
|
</Para>
|
|
|
|
<Para>
|
|
-This document tries to answer questions about setting up NIS(YP) and NIS+
|
|
-on your Linux machine. Don't forget to read
|
|
+This document tries to answer questions about setting up NIS(YP)
|
|
+on your FreeBSD machine. Don't forget to read
|
|
<XRef LinkEnd="portmapper">.
|
|
</Para>
|
|
|
|
<Para>
|
|
-The NIS-Howto is edited and maintained by
|
|
+The Linux version of the NIS-Howto is edited and maintained by
|
|
</Para>
|
|
|
|
<Para>
|
|
@@ -88,12 +87,7 @@
|
|
</Para>
|
|
|
|
<Para>
|
|
-New versions of this document will also be uploaded to various
|
|
-Linux WWW and FTP sites, including the LDP home page.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-Links to translations of this document could be found at
|
|
+Links to translations of the Linux document could be found at
|
|
<ULink
|
|
URL="http://www.linux-nis.org/nis-howto/"
|
|
>http://www.linux-nis.org/nis-howto/</ULink
|
|
@@ -131,9 +125,9 @@
|
|
</Para>
|
|
|
|
<Para>
|
|
-Please do <Emphasis>not</Emphasis> mail me questions about special problems with your Linux
|
|
-Distribution! I don't know every Linux Distribution. But I will try to add
|
|
-every solution you send me.
|
|
+Please do <Emphasis>not</Emphasis> mail Thorsten questions about special problems with FreeBSD.
|
|
+The FreeBSD changes to the Linux document were done by the FreeBSD
|
|
+Documentation Project. Please send comments to docs@freebsd.org
|
|
</Para>
|
|
|
|
</Sect2>
|
|
@@ -160,10 +154,6 @@
|
|
|
|
<Para>
|
|
Theo de Raadt is responsible for the original yp-clients code.
|
|
-Swen Thuemmler ported the yp-clients code to Linux and also ported
|
|
-the yp-routines in libc (again based on Theo's work).
|
|
-Thorsten Kukuk has written the NIS(YP) and NIS+ routines for
|
|
-GNU libc 2.x from scratch.
|
|
</Para>
|
|
|
|
</Sect2>
|
|
@@ -177,9 +167,8 @@
|
|
<Title>Glossary of Terms
|
|
<IndexTerm><Primary>NIS!glossary</Primary></IndexTerm>
|
|
<IndexTerm><Primary>YP!glossary</Primary></IndexTerm>
|
|
-<IndexTerm><Primary>NYS!glossary</Primary></IndexTerm>
|
|
<IndexTerm><Primary>NIS+!glossary</Primary></IndexTerm>
|
|
-<IndexTerm><Primary>glossary!NIS/NYS/YP/NIS+</Primary></IndexTerm>
|
|
+<IndexTerm><Primary>glossary!NIS/YP/NIS+</Primary></IndexTerm>
|
|
</Title>
|
|
|
|
<Para>
|
|
@@ -191,7 +180,7 @@
|
|
<VariableList>
|
|
|
|
<VarListEntry>
|
|
-<Term>DBM</Term>
|
|
+<Term>DB</Term>
|
|
<ListItem>
|
|
<Para>
|
|
DataBase Management, a library of functions which
|
|
@@ -234,8 +223,7 @@
|
|
<ListItem>
|
|
<Para>
|
|
Name services library, a library of name service calls
|
|
-(getpwnam, getservbyname, etc...) on SVR4 Unixes. GNU libc
|
|
-uses this for the NIS (YP) and NIS+ functions.
|
|
+(getpwnam, getservbyname, etc...) on SVR4 Unixes.
|
|
</Para>
|
|
</ListItem>
|
|
</VarListEntry>
|
|
@@ -272,21 +260,10 @@
|
|
</ListItem>
|
|
</VarListEntry>
|
|
<VarListEntry>
|
|
-<Term>NYS</Term>
|
|
-<ListItem>
|
|
-<Para>
|
|
-This is the name of a project and stands for NIS+, YP and Switch
|
|
-and is managed by Peter Eriksson <peter@ifm.liu.se>. It contains
|
|
-among other things a complete reimplementation of the NIS (= YP) code
|
|
-that uses the Name Services Switch functionality of the NYS library.
|
|
-</Para>
|
|
-</ListItem>
|
|
-</VarListEntry>
|
|
-<VarListEntry>
|
|
<Term>NSS</Term>
|
|
<ListItem>
|
|
<Para>
|
|
-Name Service Switch. The /etc/nsswitch.conf file determines the order
|
|
+Name Service Switch. On Solaris, the /etc/nsswitch.conf file determines the order
|
|
of lookups performed when a certain piece of information is requested.
|
|
</Para>
|
|
</ListItem>
|
|
@@ -329,7 +306,6 @@
|
|
<Title>Some General Information
|
|
<IndexTerm><Primary>NIS!general information</Primary></IndexTerm>
|
|
<IndexTerm><Primary>YP!general information</Primary></IndexTerm>
|
|
-<IndexTerm><Primary>NYS!general information</Primary></IndexTerm>
|
|
<IndexTerm><Primary>NIS+!general information</Primary></IndexTerm>
|
|
</Title>
|
|
|
|
@@ -358,7 +334,7 @@
|
|
<ItemizedList>
|
|
<ListItem>
|
|
<Para>
|
|
-login names/passwords/home directories (/etc/passwd)
|
|
+login names/passwords/home directories (/etc/master.passwd)
|
|
</Para>
|
|
</ListItem>
|
|
<ListItem>
|
|
@@ -454,7 +430,8 @@
|
|
severe security needs. NIS+ is _much_ more problematic
|
|
to administer (it's pretty easy to handle on the client side, but the
|
|
server side is horrible). Another problem is that the support for NIS+
|
|
-under Linux contains a lot of bugs and that the development has stopped.
|
|
+under FreeBSD is still under developement, and is not ready for Alpha testing
|
|
+yet.
|
|
</Para>
|
|
|
|
</Sect2>
|
|
@@ -560,10 +537,10 @@
|
|
|
|
<Para>
|
|
To run any of the software mentioned below you will need to run the
|
|
-program /usr/sbin/portmap. Some Linux distributions already have
|
|
-the code in the /sbin/init.d/ or /etc/rc.d/ files to start up this
|
|
-daemon. All you have to do is to activate it and reboot your Linux
|
|
-machine. Read your Linux Distribution Documentation how to do this.
|
|
+program /usr/sbin/portmap.
|
|
+In FreeBSD you specify your desire to run the
|
|
+Portmapper in /etc/rc.conf.
|
|
+All you have to do is to activate it and reboot your FreeBSD machine.
|
|
</Para>
|
|
|
|
<Para>
|
|
@@ -645,15 +622,15 @@
|
|
ypcat, yppoll, ypmatch). The most important program is ypbind. This
|
|
program must be running at all times, which means, it should always appear
|
|
in the list of processes. It is a daemon process and needs to
|
|
-be started from the system's startup file (eg. /etc/init.d/nis,
|
|
-/sbin/init.d/ypclient, /etc/rc.d/init.d/ypbind, /etc/rc.local).
|
|
+be started from the system's startup file (eg. /etc/rc.network).
|
|
+You specify your desire to run ypbind in /etc/rc.conf.
|
|
As soon as ypbind is running your system has become a NIS client.
|
|
</Para>
|
|
|
|
<Para>
|
|
In the second case, if you don't have NIS servers, then you will also
|
|
need a NIS server program (usually called ypserv). <XRef LinkEnd="ypserv">
|
|
-describes how to set up a NIS server on your Linux machine using the
|
|
+how to set up a NIS server on your FreeBSD machine using
|
|
<Command>ypserv</Command>
|
|
daemon.
|
|
</Para>
|
|
@@ -667,44 +644,9 @@
|
|
</Title>
|
|
|
|
<Para>
|
|
-The system library "/usr/lib/libc.a" (version 4.4.2 and better) or the
|
|
-shared library "/lib/libc.so.x" contain all necessary system calls to
|
|
-succesfully compile the NIS client and server software. For the
|
|
-GNU C Library 2 (glibc 2.x), you also need /lib/libnsl.so.1.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-Some people reported that NIS only works with "/usr/lib/libc.a" version
|
|
-4.5.21 and better so if you want to play it safe don't use older
|
|
-libc's. The NIS client software can be obtained from:
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-
|
|
-<Screen>
|
|
- Site Directory File Name
|
|
-
|
|
- ftp.kernel.org /pub/linux/utils/net/NIS yp-tools-2.7.tar.gz
|
|
- ftp.kernel.org /pub/linux/utils/net/NIS ypbind-mt-1.12.tar.gz
|
|
- ftp.kernel.org /pub/linux/utils/net/NIS ypbind-3.3.tar.gz
|
|
- ftp.kernel.org /pub/linux/utils/net/NIS ypbind-3.3-glibc5.diff.gz
|
|
-</Screen>
|
|
-
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-Once you obtained the software, please follow the instructions which
|
|
-come with the software. yp-clients 2.2 are for use with libc4 and libc5
|
|
-until 5.4.20. libc 5.4.21 and glibc 2.x needs yp-tools 1.4.1 or later.
|
|
-The new yp-tools 2.4 should work with every Linux libc. Since there was
|
|
-a bug in the NIS code, you shouldn't use libc 5.4.21-5.4.35. Use libc
|
|
-5.4.36 or later instead, or the most YP programs will not work.
|
|
-ypbind 3.3 will work with all libraries, too. If you use gcc 2.8.x or
|
|
-greater, egcs or glibc 2.x, you should add the ypbind-3.3-glibc5.diff
|
|
-patch to ypbind 3.3. If possible you should avoid the use of ypbind 3.3
|
|
-for security reasons.
|
|
-ypbind-mt is a new, multithreaded daemon. It needs a Linux 2.2 kernel
|
|
-and glibc 2.1 or later.
|
|
+The system libraries "/usr/lib/libc.so.x" and "/usr/lib/libc.a"
|
|
+contain all necessary system calls to
|
|
+succesfully compile the NIS client and server software.
|
|
</Para>
|
|
|
|
</Sect2>
|
|
@@ -726,31 +668,9 @@
|
|
</Title>
|
|
|
|
<Para>
|
|
-After you have succesfully compiled the software you are now ready
|
|
-to install it. A suitable place for the ypbind daemon is the directory
|
|
-/usr/sbin. Some people may tell you that you don't need
|
|
-ypbind on a system with NYS. This is wrong. ypwhich and ypcat need it
|
|
-always.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-You must do this as root of course. The other binaries (ypwhich,
|
|
-ypcat, yppasswd, yppoll, ypmatch) should go in a directory accessible
|
|
-by all users, normally /usr/bin.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-Newer ypbind versions have a configuration file called /etc/yp.conf. You can
|
|
-hardcode a NIS server there - for more info see the manual page for ypbind(8).
|
|
-You also need this file for NYS.
|
|
-An example:
|
|
-
|
|
-<Screen>
|
|
- ypserver 10.10.0.1
|
|
- ypserver 10.0.100.8
|
|
- ypserver 10.3.1.1
|
|
-</Screen>
|
|
-
|
|
+The ypbind process can be forced to bind to a specific NIS server by specifing
|
|
+the server in /etc/rc.conf.
|
|
+For more info see the manual page for ypbind(8).
|
|
</Para>
|
|
|
|
<Para>
|
|
@@ -904,14 +824,6 @@
|
|
</Para>
|
|
|
|
<Para>
|
|
-To check if the domainname is set correct, use the
|
|
-<Command>/bin/ypdomainname</Command> from
|
|
-yp-tools 2.2. It uses the yp_get_default_domain() function which is more
|
|
-restrict. It doesn't allow for example the "(none)" domainname, which
|
|
-is the default under Linux and makes a lot of problems.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
If the test worked you may now want to change your startupd files
|
|
so that ypbind will be started at boot time and your system will
|
|
act as a NIS client. Make sure that the domainname will
|
|
@@ -933,19 +845,15 @@
|
|
|
|
<Para>
|
|
For host lookups you must set (or add) "nis" to the lookup order line
|
|
-in your <filename>/etc/host.conf</filename> file. Please read the
|
|
-manpage "resolv+.8" for more details.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-Add the following line to <filename>/etc/passwd</filename>
|
|
-on your NIS clients:
|
|
+in your <filename>/etc/host.conf</filename> file. Please see the
|
|
+comments in /etc/host.conf for more details.
|
|
</Para>
|
|
|
|
<Para>
|
|
+Add the following line to /etc/master.passwd using vipw on your NIS clients:
|
|
|
|
<Screen>
|
|
-+::::::
|
|
++:::::::::
|
|
</Screen>
|
|
|
|
</Para>
|
|
@@ -953,10 +861,10 @@
|
|
<Para>
|
|
You can also use the + and - characters to include/exclude or change
|
|
users. If you want to exclude the user guest just add -guest to your
|
|
-<filename>/etc/passwd</filename> file.
|
|
+<filename>/etc/master.passwd</filename> file.
|
|
You want to use a different shell (e.g. ksh) for
|
|
-the user "linux"? No problem, just add "+linux::::::/bin/ksh"
|
|
-(without the quotes) to your <filename>/etc/passwd</filename>. Fields
|
|
+the user "ken"? No problem, just add "+ken:::::::::/usr/local/bin/bash"
|
|
+(without the quotes) to your <filename>/etc/master.passwd</filename>. Fields
|
|
that you don't want
|
|
to change have to be left empty. You could also use Netgroups for
|
|
user control.
|
|
@@ -971,487 +879,19 @@
|
|
<Para>
|
|
|
|
<Screen>
|
|
- +miquels:::::::
|
|
- +ed:::::::
|
|
- +dth:::::::
|
|
- +@sysadmins:::::::
|
|
- -ftp
|
|
- +:*::::::/etc/NoShell
|
|
+ +dennis:::::::::
|
|
+ +@sysadmins:::::::::
|
|
+ -ftp:::::::::
|
|
+ +@rejected-users::32767:32767::::::/bin/false
|
|
</Screen>
|
|
|
|
</Para>
|
|
|
|
<Para>
|
|
-Note that in Linux you can also override the password field, as we did
|
|
+Note that in FreeBSD you can also override the password field, as we did
|
|
in this example. We also remove the login "ftp", so it isn't known any
|
|
longer, and anonymous ftp will not work.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-The netgroup would look like
|
|
-
|
|
-<Screen>
|
|
-sysadmins (-,software,) (-,kukuk,)
|
|
-</Screen>
|
|
-
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-IMPORTANT: The netgroup feature is implemented starting from libc 4.5.26.
|
|
-If you have a version of libc earlier than 4.5.26, every user in the
|
|
-NIS password database can access your linux machine if you run "ypbind" !
|
|
-</Para>
|
|
-
|
|
-</Sect2>
|
|
-
|
|
-<Sect2>
|
|
-<Title>Setting up a NIS Client using NYS
|
|
-<IndexTerm><Primary
|
|
->NYS!client setup</Primary></IndexTerm>
|
|
-</Title>
|
|
-
|
|
-<Para>
|
|
-All that is required is that the NIS configuration file
|
|
-(/etc/yp.conf) points to the correct server(s) for its information.
|
|
-Also, the Name Services Switch configuration file (/etc/nsswitch.conf)
|
|
-must be correctly set up.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-You should install ypbind. It isn't needed by the libc, but the NIS(YP)
|
|
-tools need it.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-If you wish to use the include/exclude user feature (+/-guest/+@admins),
|
|
-you have to use "passwd: compat" and "group: compat" in nsswitch.conf.
|
|
-Note that there is no "shadow: compat"! You have to
|
|
-use "shadow: files nis" in this case.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-The NYS sources are part of the libc 5 sources. When run configure,
|
|
-say the first time "NO" to the "Values correct" question,
|
|
-then say "YES" to "Build a NYS libc from nys".
|
|
-</Para>
|
|
-
|
|
-</Sect2>
|
|
-
|
|
-<Sect2>
|
|
-<Title>Setting up a NIS Client using glibc 2.x
|
|
-<IndexTerm><Primary
|
|
->NIS!client setup!using glibc 2.x</Primary></IndexTerm>
|
|
-</Title>
|
|
-
|
|
-<Para>
|
|
-The glibc uses "traditional NIS", so you need to start ypbind. The
|
|
-Name Services Switch configuration file (/etc/nsswitch.conf) must be
|
|
-correctly set up. If you use the compat mode for passwd, shadow or group,
|
|
-you have to add the "+" at the end of this files and you can use
|
|
-the include/exclude user feature. The configuration is excatly the same
|
|
-as under Solaris 2.x.
|
|
-</Para>
|
|
-
|
|
-</Sect2>
|
|
-
|
|
-<Sect2>
|
|
-<Title>The nsswitch.conf File
|
|
-<IndexTerm><Primary
|
|
->nsswitch.conf file</Primary></IndexTerm>
|
|
-
|
|
-<IndexTerm><Primary
|
|
->NIS!nsswitch.conf file</Primary></IndexTerm>
|
|
-</Title>
|
|
-
|
|
-<Para>
|
|
-The Network Services switch file /etc/nsswitch.conf determines the
|
|
-order of lookups performed when a certain piece of information is
|
|
-requested, just like the /etc/host.conf file which determines the way
|
|
-host lookups are performed. For example, the line
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-
|
|
-<Screen>
|
|
- hosts: files nis dns
|
|
-</Screen>
|
|
-
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-specifies that host lookup functions should first look in the local
|
|
-/etc/hosts file, followed by a NIS lookup and finally through the domain
|
|
-name service (/etc/resolv.conf and named), at which point if no match
|
|
-is found an error is returned. This file must be readable for every
|
|
-user! You can find more information in the man-page nsswitch.5
|
|
-or nsswitch.conf.5.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-A good /etc/nsswitch.conf file for NIS is:
|
|
-
|
|
-<Screen>
|
|
-#
|
|
-# /etc/nsswitch.conf
|
|
-#
|
|
-# An example Name Service Switch config file. This file should be
|
|
-# sorted with the most-used services at the beginning.
|
|
-#
|
|
-# The entry '[NOTFOUND=return]' means that the search for an
|
|
-# entry should stop if the search in the previous entry turned
|
|
-# up nothing. Note that if the search failed due to some other reason
|
|
-# (like no NIS server responding) then the search continues with the
|
|
-# next entry.
|
|
-#
|
|
-# Legal entries are:
|
|
-#
|
|
-# nisplus Use NIS+ (NIS version 3)
|
|
-# nis Use NIS (NIS version 2), also called YP
|
|
-# dns Use DNS (Domain Name Service)
|
|
-# files Use the local files
|
|
-# db Use the /var/db databases
|
|
-# [NOTFOUND=return] Stop searching if not found so far
|
|
-#
|
|
-
|
|
-passwd: compat
|
|
-group: compat
|
|
-# For libc5, you must use shadow: files nis
|
|
-shadow: compat
|
|
-
|
|
-passwd_compat: nis
|
|
-group_compat: nis
|
|
-shadow_compat: nis
|
|
-
|
|
-hosts: nis files dns
|
|
-
|
|
-services: nis [NOTFOUND=return] files
|
|
-networks: nis [NOTFOUND=return] files
|
|
-protocols: nis [NOTFOUND=return] files
|
|
-rpc: nis [NOTFOUND=return] files
|
|
-ethers: nis [NOTFOUND=return] files
|
|
-netmasks: nis [NOTFOUND=return] files
|
|
-netgroup: nis
|
|
-bootparams: nis [NOTFOUND=return] files
|
|
-publickey: nis [NOTFOUND=return] files
|
|
-automount: files
|
|
-aliases: nis [NOTFOUND=return] files
|
|
-</Screen>
|
|
-
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-passwd_compat, group_compat and shadow_compat are only supported by glibc 2.x.
|
|
-If there are no shadow rules in /etc/nsswitch.conf, glibc will use the passwd
|
|
-rule for lookups. There are some more lookup module for glibc like hesoid.
|
|
-For more information, read the glibc documentation.
|
|
-</Para>
|
|
-
|
|
-</Sect2>
|
|
-
|
|
-<Sect2>
|
|
-<Title>Shadow Passwords with NIS
|
|
-<IndexTerm><Primary
|
|
->NIS!shadow passwords</Primary></IndexTerm>
|
|
-</Title>
|
|
-
|
|
-<Para>
|
|
-Shadow passwords over NIS are always a bad idea. You loose the security,
|
|
-which shadow gives you, and it is supported by only some few Linux C
|
|
-Libraries. A good way to avoid shadow passwords over NIS is,
|
|
-to put only the local system users in /etc/shadow. Remove the NIS user
|
|
-entries from the shadow database, and put the password back in passwd.
|
|
-So you can use shadow for the root login, and normal passwd for NIS
|
|
-user. This has the advantage that it will work with every NIS client.
|
|
-</Para>
|
|
-
|
|
-<Sect3>
|
|
-<Title>Linux</Title>
|
|
-
|
|
-<Para>
|
|
-The only Linux libc which supports shadow passwords over NIS, is the
|
|
-GNU C Library 2.x. Linux libc5 has no support for it. Linux
|
|
-libc5 compiled with NYS enabled has some code for it. But this code
|
|
-is badly broken in some cases and doesn't work with all correct
|
|
-shadow entries.
|
|
-</Para>
|
|
-
|
|
-</Sect3>
|
|
-
|
|
-<Sect3>
|
|
-<Title>Solaris</Title>
|
|
-
|
|
-<Para>
|
|
-Solaris does not support shadow passwords over NIS.
|
|
-</Para>
|
|
-
|
|
-</Sect3>
|
|
-
|
|
-<Sect3>
|
|
-<Title>PAM
|
|
-<IndexTerm><Primary
|
|
->PAM!shadow passwords</Primary></IndexTerm>
|
|
-</Title>
|
|
-
|
|
-<Para>
|
|
-Linux-PAM 0.75 and newr does support Shadow passwords over NIS if you
|
|
-use the pam_unix.so Module or if you install the extra pam_unix2.so
|
|
-Module. Old systems using pam_pwdb/libpwdb (for example Red Hat
|
|
-Linux 5.x)
|
|
-need to change the /etc/pam.d/* entries. All pam_pwdb rules should
|
|
-be replaced through a pam_unix_* module.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-An example /etc/pam.d/login file looks like:
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-
|
|
-<Screen>
|
|
-#%PAM-1.0
|
|
-auth requisite pam_unix2.so nullok #set_secrpc
|
|
-auth required pam_securetty.so
|
|
-auth required pam_nologin.so
|
|
-auth required pam_env.so
|
|
-auth required pam_mail.so
|
|
-account required pam_unix2.so
|
|
-password required pam_pwcheck.so nullok
|
|
-password required pam_unix2.so nullok use_first_pass use_authtok
|
|
-session required pam_unix2.so none # debug or trace
|
|
-session required pam_limits.so
|
|
-</Screen>
|
|
-
|
|
-</Para>
|
|
-
|
|
-</Sect3>
|
|
-
|
|
-</Sect2>
|
|
-
|
|
-</Sect1>
|
|
-
|
|
-<Sect1 id="nisplus">
|
|
-<Title>What do you need to set up NIS+ ?</Title>
|
|
-
|
|
-<Sect2>
|
|
-<Title>The Software
|
|
-<IndexTerm><Primary
|
|
->NIS+!software required</Primary></IndexTerm>
|
|
-</Title>
|
|
-
|
|
-<Para>
|
|
-The Linux NIS+ client code was developed for the GNU C library 2.
|
|
-There is also a port for Linux libc5, since most commercial Applications
|
|
-where linked against this library in the past, and you cannot recompile
|
|
-them for using glibc. There are problems with libc5 and NIS+:
|
|
-static programs cannot be linked with it, and programs compiled
|
|
-with this library will not work with other libc5 versions.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-As base System you need a glibc based Distribution like Debian,
|
|
-Red Hat Linux or SuSE Linux. If you have a Linux Distribution, which
|
|
-does not have glibc 2.1.1 or later, you need to update to a newer
|
|
-version.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-The NIS+ client software can be obtained from:
|
|
-
|
|
-<Screen>
|
|
- Site Directory File Name
|
|
-
|
|
- ftp.gnu.org /pub/gnu/glibc glibc-2.2.5.tar.gz,
|
|
- glibc-linuxthreads-2.2.5.tar.gz
|
|
- ftp.kernel.org /pub/linux/utils/net/NIS+ nis-utils-1.4.1.tar.gz
|
|
-</Screen>
|
|
-
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-You should also have a look at
|
|
-<ULink
|
|
-URL="http://www.linux-nis.org/nisplus/"
|
|
->http://www.linux-nis.org/nisplus/</ULink
|
|
->
|
|
-for more information and the latest sources.
|
|
-</Para>
|
|
-
|
|
-</Sect2>
|
|
-
|
|
-<Sect2>
|
|
-<Title>Setting up a NIS+ client
|
|
-<IndexTerm><Primary
|
|
->NIS+!client setup</Primary></IndexTerm>
|
|
-</Title>
|
|
-
|
|
-<Para>
|
|
-IMPORTANT: For setting up a NIS+ client read your Solaris NIS+ docs
|
|
-what to do on the server side! This document only describes what to do
|
|
-on the client side!
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-After installing the new libc and nis-tools, create the credentials for
|
|
-the new client on the NIS+ server. Make sure portmap is running. Then
|
|
-check if your Linux PC has the same time as the NIS+ Server. For secure RPC,
|
|
-you have only a small window from about 3 minutes, in which the credentials
|
|
-are valid. A good idea is to run xntpd on every host. After this, run
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-
|
|
-<Screen>
|
|
-domainname nisplus.domain.
|
|
-nisinit -c -H <NIS+ server>
|
|
-</Screen>
|
|
-
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-to initialize the cold start file. Read the nisinit man page for more
|
|
-options. Make sure that the domainname will always be set after a reboot.
|
|
-If you don't know what the NIS+ domain name is on your network, ask
|
|
-your system/network administrator.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-Now you should change your <filename>/etc/nsswitch.conf</filename>
|
|
-file. Make sure that the
|
|
-only service after publickey is nisplus ("publickey: nisplus"), and nothing
|
|
-else!
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-Then start keyserv and make sure, that it will always be started
|
|
-as first daemon after portmap at boot time. Run
|
|
-
|
|
-<Screen>
|
|
-keylogin -r
|
|
-</Screen>
|
|
-
|
|
-to store the root secretkey on your system. (I hope you have added the
|
|
-publickey for the new host on the NIS+ Server?).
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-<Command>niscat passwd.org_dir</Command>
|
|
-should now show you all entries in the passwd database.
|
|
-</Para>
|
|
-
|
|
-</Sect2>
|
|
-
|
|
-<Sect2>
|
|
-<Title>NIS+, keylogin, login and PAM
|
|
-<IndexTerm><Primary
|
|
->NIS+!use of PAM with</Primary></IndexTerm>
|
|
-</Title>
|
|
-
|
|
-<Para>
|
|
-When the user logs in, he need to set his secretkey to keyserv. This is done
|
|
-by calling "keylogin". The login from the shadow package will do this for the
|
|
-user, if it was compiled against glibc 2.1. For a PAM aware login, you have
|
|
-to change the /etc/pam.d/login file to
|
|
-use pam_unix2, not pwdb, which doesn't support NIS+. An example:
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-
|
|
-<Screen>
|
|
-#%PAM-1.0
|
|
-auth required /lib/security/pam_securetty.so
|
|
-auth required /lib/security/pam_unix2.so set_secrpc
|
|
-auth required /lib/security/pam_nologin.so
|
|
-account required /lib/security/pam_unix2.so
|
|
-password required /lib/security/pam_unix2.so
|
|
-session required /lib/security/pam_unix2.so
|
|
-</Screen>
|
|
-
|
|
-</Para>
|
|
-
|
|
-</Sect2>
|
|
-
|
|
-<Sect2>
|
|
-<Title>The nsswitch.conf File
|
|
-<IndexTerm><Primary
|
|
->nsswitch.conf file</Primary></IndexTerm>
|
|
-
|
|
-<IndexTerm><Primary
|
|
->NIS+!nsswitch.conf file</Primary></IndexTerm>
|
|
-</Title>
|
|
-
|
|
-<Para>
|
|
-The Network Services switch file <filename>/etc/nsswitch.conf</filename>
|
|
-determines the order of lookups performed when a certain piece of
|
|
-information is requested, just like the
|
|
-<filename>/etc/host.conf</filename> file which determines the way
|
|
-host lookups are performed. For example, the line
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-
|
|
-<Screen>
|
|
- hosts: files nisplus dns
|
|
-</Screen>
|
|
-
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-specifies that host lookup functions should first look in the local
|
|
-<filename>/etc/hosts</filename> file, followed by a NIS+ lookup and
|
|
-finally through the domain
|
|
-name service (<filename>/etc/resolv.conf</filename> and named), at
|
|
-which point if no match is found an error is returned.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-A good <filename>/etc/nsswitch.conf</filename> file for NIS+ is:
|
|
-
|
|
-<Screen>
|
|
-#
|
|
-# /etc/nsswitch.conf
|
|
-#
|
|
-# An example Name Service Switch config file. This file should be
|
|
-# sorted with the most-used services at the beginning.
|
|
-#
|
|
-# The entry '[NOTFOUND=return]' means that the search for an
|
|
-# entry should stop if the search in the previous entry turned
|
|
-# up nothing. Note that if the search failed due to some other reason
|
|
-# (like no NIS server responding) then the search continues with the
|
|
-# next entry.
|
|
-#
|
|
-# Legal entries are:
|
|
-#
|
|
-# nisplus Use NIS+ (NIS version 3)
|
|
-# nis Use NIS (NIS version 2), also called YP
|
|
-# dns Use DNS (Domain Name Service)
|
|
-# files Use the local files
|
|
-# db Use the /var/db databases
|
|
-# [NOTFOUND=return] Stop searching if not found so far
|
|
-#
|
|
-
|
|
-passwd: compat
|
|
-group: compat
|
|
-shadow: compat
|
|
-
|
|
-passwd_compat: nisplus
|
|
-group_compat: nisplus
|
|
-shadow_compat: nisplus
|
|
-
|
|
-hosts: nisplus files dns
|
|
-
|
|
-services: nisplus [NOTFOUND=return] files
|
|
-networks: nisplus [NOTFOUND=return] files
|
|
-protocols: nisplus [NOTFOUND=return] files
|
|
-rpc: nisplus [NOTFOUND=return] files
|
|
-ethers: nisplus [NOTFOUND=return] files
|
|
-netmasks: nisplus [NOTFOUND=return] files
|
|
-netgroup: nisplus
|
|
-bootparams: nisplus [NOTFOUND=return] files
|
|
-publickey: nisplus
|
|
-automount: files
|
|
-aliases: nisplus [NOTFOUND=return] files
|
|
-</Screen>
|
|
-
|
|
+See the ``man 5 passwd'' for further explantion and more examples.
|
|
</Para>
|
|
|
|
</Sect2>
|
|
@@ -1478,41 +918,6 @@
|
|
</Para>
|
|
|
|
<Para>
|
|
-The NIS server software can be found on:
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-
|
|
-<Screen>
|
|
- Site Directory File Name
|
|
-
|
|
- ftp.kernel.org /pub/linux/utils/net/NIS ypserv-2.4.tar.gz
|
|
- ftp.kernel.org /pub/linux/utils/net/NIS ypserv-2.4.tar.bz2
|
|
-</Screen>
|
|
-
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-You could also look at
|
|
-<ULink
|
|
-URL="http://www.linux-nis.org/nis/"
|
|
->http://www.linux-nis.org/nis/</ULink
|
|
->
|
|
-for more information.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-The server setup is the same for both traditional NIS and NYS.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-Compile the software to generate the <Command>ypserv</Command> and
|
|
-<Command>makedbm</Command>
|
|
-programs. ypserv-2.x only supports the securenets file for access
|
|
-restrictions.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
If you run your server as master, determine what files you require to be
|
|
available via NIS and then add or remove the appropriate
|
|
entries to the "all" rule in <filename>/var/yp/Makefile</filename>.
|
|
@@ -1521,19 +926,9 @@
|
|
</Para>
|
|
|
|
<Para>
|
|
-There was one big change between ypserv 1.1 and ypserv 1.2. Since
|
|
-version 1.2, the file handles are cached. This means you have to
|
|
-call makedbm always with the -c option if you create new maps. Make
|
|
-sure, you are using the
|
|
-new <filename>/var/yp/Makefile</filename> from ypserv 1.2 or later,
|
|
-or add the -c flag to makedbm in the Makefile. If you don't do that,
|
|
-ypserv will continue to use the old maps, and not the updated one.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
Now edit <filename>/var/yp/securenets</filename> and
|
|
-<filename>/etc/ypserv.conf</filename>.
|
|
-For more information, read the ypserv(8) and ypserv.conf(5) manual pages.
|
|
+<filename>/etc/rc.conf</filename>.
|
|
+For more information, read the ypserv(8) manual page and /etc/rc.conf comments.
|
|
</Para>
|
|
|
|
<Para>
|
|
@@ -1575,7 +970,7 @@
|
|
<Para>
|
|
|
|
<Screen>
|
|
- % /usr/lib/yp/ypinit -m
|
|
+ % /usr/sbin/ypinit -m
|
|
</Screen>
|
|
|
|
</Para>
|
|
@@ -1586,7 +981,7 @@
|
|
must be configured as NIS client before you could run
|
|
|
|
<Screen>
|
|
- % /usr/lib/yp/ypinit -s masterhost
|
|
+ % /usr/sbin/ypinit -s masterhost
|
|
</Screen>
|
|
|
|
to install the host as NIS slave.
|
|
@@ -1612,16 +1007,16 @@
|
|
</Para>
|
|
|
|
<Para>
|
|
-You might want to edit root's crontab *on the slave* server and add the
|
|
+You might want to edit the system crontab (/etc/crontab) *on the slave* server and add the
|
|
following lines:
|
|
</Para>
|
|
|
|
<Para>
|
|
|
|
<Screen>
|
|
- 20 * * * * /usr/lib/yp/ypxfr_1perhour
|
|
- 40 6 * * * /usr/lib/yp/ypxfr_1perday
|
|
- 55 6,18 * * * /usr/lib/yp/ypxfr_2perday
|
|
+ 20 * * * * root /usr/libexec/ypxfr passwd.byname
|
|
+ 21 * * * * root /usr/libexec/ypxfr passwd.byuid
|
|
+ 55 19 * * * root /usr/libexec/ypxfr hosts.ypname
|
|
</Screen>
|
|
|
|
This will ensure that most NIS maps are kept up-to-date, even if an
|
|
@@ -1634,7 +1029,7 @@
|
|
the new slave server has permissions to contact the NIS master. Then run
|
|
|
|
<Screen>
|
|
- % /usr/lib/yp/ypinit -s masterhost
|
|
+ % /usr/sbin/ypinit -s masterhost
|
|
</Screen>
|
|
|
|
on the new slave. On the master server, add the new slave server name
|
|
@@ -1646,7 +1041,7 @@
|
|
<Para>
|
|
If you want to restrict access for users to your NIS server, you'll have
|
|
to setup the NIS server as a client as well by running ypbind and adding the
|
|
-plus-entries to <filename>/etc/passwd</filename> _halfway_
|
|
+plus-entries to <filename>/etc/master.passwd</filename> _halfway_
|
|
the password file. The library
|
|
functions will ignore all normal entries after the first NIS entry, and
|
|
will get the rest of the info through NIS. This way the NIS access rules
|
|
@@ -1668,17 +1063,17 @@
|
|
news:*:9:9:news:/var/spool/news:
|
|
uucp:*:10:50:uucp:/var/spool/uucp:
|
|
nobody:*:65534:65534:noone at all,,,,:/dev/null:
|
|
- +miquels::::::
|
|
- +:*:::::/etc/NoShell
|
|
+ +dennis:::::::::
|
|
+ +*:::::::::/bin/false
|
|
[ All normal users AFTER this line! ]
|
|
tester:*:299:10:Just a test account:/tmp:
|
|
- miquels:1234567890123:101:10:Miquel van Smoorenburg:/home/miquels:/bin/zsh
|
|
+ obrien:1765:01:10::0:0:David O'Brien:/home/obrien:/bin/sh
|
|
</Screen>
|
|
|
|
</Para>
|
|
|
|
<Para>
|
|
-Thus the user "tester" will exist, but have a shell of /etc/NoShell. miquels
|
|
+Thus the user "tester" will exist, but have a shell of /bin/false. obrien
|
|
will have normal access.
|
|
</Para>
|
|
|
|
@@ -1686,7 +1081,7 @@
|
|
Alternatively, you could edit the <filename>/var/yp/Makefile</filename> file
|
|
and set NIS to use
|
|
another source password file. On large systems the NIS password and group
|
|
-files are usually stored in <Literal remap="tt">/etc/yp/</Literal>. If you do this the normal
|
|
+files are sometimes stored in <Literal remap="tt">/etc/yp/</Literal>. If you do this the normal
|
|
tools to administrate the password file such as <Literal remap="tt">passwd</Literal>, <Literal remap="tt">chfn</Literal>,
|
|
<Literal remap="tt">adduser</Literal> will not work anymore and you need special homemade tools
|
|
for this.
|
|
@@ -1699,137 +1094,6 @@
|
|
|
|
</Sect2>
|
|
|
|
-<Sect2>
|
|
-<Title>The Server Program yps
|
|
-<IndexTerm><Primary
|
|
->NIS!yps server</Primary></IndexTerm>
|
|
-
|
|
-<IndexTerm><Primary
|
|
->yps NIS server</Primary></IndexTerm>
|
|
-</Title>
|
|
-
|
|
-<Para>
|
|
-To set up the "yps" NIS server please refer to the previous paragraph.
|
|
-The "yps" server setup is similar, _but_ not exactly the same so
|
|
-beware if you try to apply the "ypserv" instructions to "yps"!
|
|
-"yps" is not supported by any author, and contains some security leaks.
|
|
-You really shouldn't use it !
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-The "yps" NIS server software can be found on:
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-
|
|
-<Screen>
|
|
- Site Directory File Name
|
|
-
|
|
- ftp.lysator.liu.se /pub/NYS/servers yps-0.21.tar.gz
|
|
- ftp.kernel.org /pub/linux/utils/net/NIS yps-0.21.tar.gz
|
|
-</Screen>
|
|
-
|
|
-</Para>
|
|
-
|
|
-</Sect2>
|
|
-
|
|
-<Sect2>
|
|
-<Title>The Program rpc.ypxfrd
|
|
-<IndexTerm><Primary
|
|
->NIS|rpc.ypxfrd daemon</Primary></IndexTerm>
|
|
-
|
|
-<IndexTerm><Primary
|
|
->rpc.ypxfrd daemon</Primary></IndexTerm>
|
|
-</Title>
|
|
-
|
|
-<Para>
|
|
-rpc.ypxfrd is used for speed up the transfer of very large
|
|
-NIS maps from a NIS master to NIS slave servers. If a
|
|
-NIS slave server receives a message that there is a new
|
|
-map, it will start ypxfr for transfering the new map.
|
|
-ypxfr will read the contents of a map from the master
|
|
-server using the yp_all() function. This process can take
|
|
-several minutes when there are very large maps which have
|
|
-to store by the database library.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-The rpc.ypxfrd server speeds up the transfer process by
|
|
-allowing NIS slave servers to simply copy the master
|
|
-server's map files rather than building their own from
|
|
-scratch. rpc.ypxfrd uses an RPC-based file transfer protocol,
|
|
-so that there is no need for building a new map.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-rpc.ypxfrd can be started by inetd. But since it starts
|
|
-very slow, it should be started with ypserv. You need to start
|
|
-rpc.ypxfrd only on the NIS master server.
|
|
-</Para>
|
|
-
|
|
-</Sect2>
|
|
-
|
|
-<Sect2>
|
|
-<Title>The Program rpc.yppasswdd
|
|
-<IndexTerm><Primary
|
|
->NIS!rpc.yppasswdd daemon</Primary></IndexTerm>
|
|
-
|
|
-<IndexTerm><Primary
|
|
->rpc.yppasswdd daemon</Primary></IndexTerm>
|
|
-</Title>
|
|
-
|
|
-<Para>
|
|
-Whenever users change their passwords, the NIS password database and
|
|
-probably other NIS databases, which depend on the NIS password
|
|
-database, should be updated. The program "rpc.yppasswdd" is a server that
|
|
-handles password changes and makes sure that the NIS information will
|
|
-be updated accordingly. rpc.yppasswdd is now integrated in ypserv. You
|
|
-don't need the older, separate yppasswd-0.9.tar.gz or yppasswd-0.10.tar.gz,
|
|
-and you shouldn't use them any longer. The rpc.yppasswdd in ypserv 1.3.2
|
|
-has full shadow support. yppasswd is now part of yp-tools-2.2.tar.gz.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-You need to start rpc.yppasswdd only on the NIS master server. By default,
|
|
-users are not allowed to change their full name or the login shell.
|
|
-You can allow this with the -e chfn or -e chsh option.
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-If your passwd and shadow files are not in another directory then
|
|
-/etc, you need to add the -D option. For example, if you have put
|
|
-all source files in /etc/yp and wish to allow the user to change
|
|
-his shell, you need to start rpc.yppasswdd with the following parameters:
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-
|
|
-<Screen>
|
|
- rpc.yppasswdd -D /etc/yp -e chsh
|
|
-</Screen>
|
|
-
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-or
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-
|
|
-<Screen>
|
|
- rpc.yppasswdd -s /etc/yp/shadow -p /etc/yp/passwd -e chsh
|
|
-</Screen>
|
|
-
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-There is nothing more to do. You just need to make sure, that
|
|
-<Literal remap="tt">rpc.yppasswdd</Literal> uses the same files as <Literal remap="tt">/var/yp/Makefile</Literal>.
|
|
-Errors will be logged using syslog.
|
|
-</Para>
|
|
-
|
|
-</Sect2>
|
|
-
|
|
</Sect1>
|
|
|
|
<Sect1 id="verification">
|
|
@@ -1837,8 +1101,6 @@
|
|
<IndexTerm><Primary
|
|
>NIS!verification of operation</Primary></IndexTerm>
|
|
|
|
-<IndexTerm><Primary
|
|
->NYS!verification of operation</Primary></IndexTerm>
|
|
</Title>
|
|
|
|
<Para>
|
|
@@ -1869,9 +1131,7 @@
|
|
|
|
<Para>
|
|
(where userid is the login name of an arbitrary user) should give you
|
|
-the user's entry in the NIS passwd file. The "ypcat" and "ypmatch"
|
|
-programs should be included with your distribution of traditional
|
|
-NIS or NYS.
|
|
+the user's entry in the NIS passwd file.
|
|
</Para>
|
|
|
|
<Para>
|
|
@@ -2172,92 +1432,6 @@
|
|
>NIS!problems with</Primary></IndexTerm>
|
|
</Title>
|
|
|
|
-<Para>
|
|
-Here are some common problems reported by various users:
|
|
-</Para>
|
|
-
|
|
-<Para>
|
|
-
|
|
-<OrderedList>
|
|
-<ListItem>
|
|
-
|
|
-<Para>
|
|
-The libraries for 4.5.19 are broken. NIS won't work with it.
|
|
-
|
|
-</Para>
|
|
-</ListItem>
|
|
-<ListItem>
|
|
-
|
|
-<Para>
|
|
-If you upgrade the libraries from 4.5.19 to 4.5.24 then the
|
|
-su command breaks. You need to get the su command from the
|
|
-slackware 1.2.0 distribution. Incidentally that's where you
|
|
-can get the updated libraries.
|
|
-
|
|
-</Para>
|
|
-</ListItem>
|
|
-<ListItem>
|
|
-
|
|
-<Para>
|
|
-When a NIS server goes down and comes up again ypbind starts
|
|
-complaining with messages like:
|
|
-
|
|
-<screen>
|
|
- yp_match: clnt_call:
|
|
- RPC: Unable to receive; errno = Connection refused
|
|
-</screen>
|
|
-
|
|
-and logins are refused for those who are registered in the
|
|
-NIS database. Try to login as root and kill
|
|
-ypbind and start it up again. An update to ypbind 3.3 or higher
|
|
-should also help.
|
|
-
|
|
-</Para>
|
|
-</ListItem>
|
|
-<ListItem>
|
|
-
|
|
-<Para>
|
|
-After upgrading the libc to a version greater then 5.4.20, the YP tools
|
|
-will not work any longer. You need yp-tools 1.2 or later for
|
|
-libc >= 5.4.21 and glibc 2.x. For earlier libc version you need
|
|
-yp-clients 2.2. yp-tools 2.x should work for all libraries.
|
|
-
|
|
-</Para>
|
|
-</ListItem>
|
|
-<ListItem>
|
|
-
|
|
-<Para>
|
|
-In libc 5.4.21 - 5.4.35 yp_maplist is broken, you need 5.4.36 or later,
|
|
-or some YP programs like ypwhich will segfault.
|
|
-
|
|
-</Para>
|
|
-</ListItem>
|
|
-<ListItem>
|
|
-
|
|
-<Para>
|
|
-libc 5 with traditional NIS doesn't support shadow passwords over NIS.
|
|
-You need libc5 + NYS or glibc 2.x.
|
|
-</Para>
|
|
-</ListItem>
|
|
-<ListItem>
|
|
-
|
|
-<Para>
|
|
-ypcat shadow doesn't show the shadow map. This is correct, the name of
|
|
-the shadow map is shadow.byname, not shadow.
|
|
-</Para>
|
|
-</ListItem>
|
|
-<ListItem>
|
|
-
|
|
-<Para>
|
|
-Solaris doesn't use always privileged ports. So don't use password
|
|
-mangling if you have a Solaris client.
|
|
-</Para>
|
|
-</ListItem>
|
|
-
|
|
-</OrderedList>
|
|
-
|
|
-</Para>
|
|
-
|
|
</Sect1>
|
|
|
|
<Sect1 id="faq">
|
|
@@ -2274,7 +1448,7 @@
|
|
<Para>
|
|
|
|
<Screen>
|
|
- comp.os.linux.networking
|
|
+ hackers@FreeBSD.org
|
|
</Screen>
|
|
|
|
</Para>
|