Schlagwortarchiv für: NIS


Information lookup services and authentication protocols rely on secure passwords to remain credible—the Network Information Service is no exception. You can set up these passwords during configuration or when adding users. However, you can still change the user passwords from time to time.

Interestingly, users can effectively change their NIS passwords using the various methods. But irrespective of your chosen method, you must use the NIS yppasswd command.

This article will take you through the various ways to change your NIS passwords. Notably, it will focus on how you can do this using the yppasswd daemon.

Let’s go!

How to Use the yppasswd Command to Change the NIS Passwords

The standard model of installing or changing the NIS passwords is through the yppasswd daemon. The command is an seudónimo for the passwd command. The yppasswd command modifies the /etc/passwd file merienda the user logs into the master server. Of course, you will need to rebuild the passwd map manually.

To change an NIS password, you must be the owner of that password. However, the root users on NIS servers have the privilege to change another user’s password even without knowing the respective user’s flamante password.

This action is possible by entering the root user’s password instead of the user’s flamante password. Notably, this privilege is not available for the root users who are accessing the system from an NIS client machine.

The syntax for this utility is as follows:

The two sobresaliente flags in the above synopsis are as follows:

  • -f [ Name ] – This flag helps to change the gecos information (information in the /etc/passwd file) in the NIS maps for every User Name.
  • -s [ Name [ ShellProg ]] – This flag changes the login shell in the maps for any User Name.

How the yppasswd Works

Merienda the yppasswd command is already running on your master server, you can proceed to change the passwords from any host within the domain by typing the following command:

Merienda you enter the given utility in the command line, the system will prompt you to enter the old password. Mostly, the NIS passwords should have a minimum of six characters.

If you enter an incorrect old password, you will not get an error message until you key in your new password. This happens because the system needs both passwords simultaneously to activate the update protocol. So, the system will only inform you if the old password is wrong after you click the update button.

The following are the three ways on how you can use the yppasswd command to change NIS passwords:

a. Change the NIS Password of a User

Notably, the previous command is handy when changing a user’s credentials. The user can handle this independently. Alternatively, a root user on a server machine can change any user’s password even without knowing the user’s existing password.

Tweak the command as shown in the following illustration. The example demonstrates how you can change the password for a user named Ken in your system. The system will prompt you to enter Ken’s password. If you are a root user on a server machine and do not know Ken’s current password, use your password before entering a new password for Ken.

b. Change the Login Shell of a User

You can also change a user’s login shell using the yppasswd daemon. You will get a prompt for the user’s new shell as the old shell comes as a default. Notably, you should do this if the yppasswd utility does not have a –noshell flag when it is run.

For example, you can change the login shell of the user named Ken to /bin/ksh using the following command:

c. Change the Gecos Information of a User

Finally, you can use the command to change the gecos information of a user, as can be found in the passswd file. Similar with the login shell modifications, this only happens when the yppasswdd utility is not started with the –nogecos flag.

Conclusion

The given examples are some of the common ways through which you can change the NIS passwords. Hopefully, this article is helpful and you can now go through the procedure independently.

Sources:



Source link


NIS, an abbreviation for Network Information Service, is a distributed database that helps you to maintain configuration files consistently in your networks. It provides a mainframe-client indexing service that store and circulates the server configuration information. Notably, it helps to manage the host and client names between machines in a PC network environment.

With the previous introductory information, it is right to conclude that NIS provides management and lookup services for the users within a network. But this is only possible merienda you add the user credentials to your database.

This article will provide a step-by-step guide on adding the users to your NIS system. Besides, it will also discuss how you can check the users within your system or find a specific user within the network.

Adding NIS Users to an NIS Domain

You can follow these steps to add a new user to your Linux NIS domain:

Step 1: Log in on the Master Server

You can only add the users if you have all the privileges of an administrator. Thus, begin by becoming an administrator on the master server. Notably, you can do this by creating your NIS profile during the NIS configuration.

Step 2: Create a New User

Proceed to create a new user using the useradd command. The utility creates the entries with relevant user credentials in the /etc/passwd file and the /etc/shadow profile. The following command illustrates this step and you can replace the userID with the login ID of the user you intend to add:


Step 3: Create a Password for the New User

Use the yppasswd command to create a password for the new user. The user will use this password whenever they want to log in. In the following illustration, the UserID specifies the user whose password you are creating. This step is important to ensure that the password created is lockable and useable during logins. The password created with the initial useradd command is not lockable.


Step 4: Copy the Entry into the Master Server

The next step is to copy the new user credentials into your master server’s passwd map files. Your master server’s source files should not be in a /etc file. Proceed to copy the newly created files from both the /etc/passwd and /etc/shadow files onto the passwd input file on your server.

For instance, if you add a new user named Ken, you copy the following line from the /etc/passwd to the passwd input map file:


Similarly, the following line is what you would copy from /etc/shadow to your passwd input map files:


Step 5: Delete Entries from /etc/shadow and /etc/passwd Input Files

It is trascendental to ensure that the Makefile correctly indicates the location of the copied password input file.

Merienda you copy the entries to a map source file stored in a different directory and ascertain their location, you should proceed and delete the entries in both /etc/shadow and /etc/passwd. This action is entirely for security purposes. Delete the entries using the userdel utility on your master server as indicated in the following:


Step 6: Update Your NIS Passwd Maps

Merienda your input files in the master server are updated, you can update the passwd maps using the following command:


The previous steps help add a new user to your NIS system. Merienda through, inform the new user of the initial password assigned to them. They can then login and change the password appropriately.

Finding Users in Your NIS Domain

You can also look up the users in your NIS domain. These two methods come in handy from time to time.

a. Obtaining a List of All Users in the Domain

The ypcat passwd command displays a complete list of the users in your system. You can use it as in the following illustration:

b. Finding a Specific User

You can identify a specific user from your system by running the following command:


For example, you can look up the user named Ken in the NIS system by replacing the “username” in the command with Ken.

If the user named Ken is available, you will receive the following result:


But you can expect the following result in case the user does not exist:

Conclusion

The previous illustrations show how you can add the users to your NIS system. It also shows how you can search and find the users from your systems.

Sources:



Source link


NIS and NIS+ share as many differences as they share their similarities. These programs, commonly known as Network Information Service and Network Information Service Plus, deliver a simple network lookup and check of the processes and databases.

NIS is formally known as Sun Yellow Pages and provides information that the entire network should know. Notably, NIS and NIS+ provide the following information:

  • Login passwords, names, or home directories (e.g. /etc/password)
  • Group information (e.g. /etc/group)
  • IP numbers and hostnames (e.g. /etc/hosts)

This article will explain how NIS and NIS+ work. The article also highlights the key differences and similarities between the two frameworks. Finally, you will learn when to go with NIS and when to consider using the NIS+.

NIS vs. NIS+ Comparison

NIS and NIS+ share more than their name—they share a common objective. However, they also have an array of differences. Notably, the Network Information Service Plus (NIS+) is an enhanced version of the innovador Network Information Service. It implies that it has new features and different terminology for the similar concepts.

The following table summarizes the difference between NIS and NIS+.

Comparison Table Between NIS and NIS+

NIS NIS+
It features the flat domains and has no hierarchy. It features the hierarchical domains and stores the data in different namespace levels.
It allows the use of similar machine names and user names. The machine and user cannot share a name. Besides, you cannot have a dot (.) in either of the names.
All names and commands are pretty case-sensitive. The commands and names are not case-sensitive.
Does not use any authentication. Uses DES authentication.
Uses two-column tables to store data. Uses multi-column tables to store data.
The client has only one choice of network information source. The client has a range of network information sources to choose from including DNS, NIS, NIS+, or any particular /etc. file.
Features a maximum size of 1024 bites, a limitation applying to all the NIS map files. There are no size limitations.
Does not support the encrypted and secure RPC. Supports the secure and encrypted RPC.
It uses RPC Version 2. It uses RPC version 3.
Will often delay the updates for batch propagation. It propagates incremental updates instantly.

NIS and NIS+ Domain Structure

Notably, unlike most versions of the innovador protocols, NIS+ does not improve NIS. Instead, it works as its replacement. NIS aims to address the network administration requirements of the relatively small client-server requirements. Thus, it is more suitable for the environments with a few hundred clients, trusted users, and a few multipurpose servers.

But you will need the NIS+ for large, modern, and complex client-server network administrations. It comes with more autonomy. It conveniently handle the networks with up to 10,000 multivendor clients and up to 100 specialized servers located worldwide. The domain hierarchy is similar to that of DNS. However, it is more developed and is able to store the information about users, workstations, and network services.

NIS+ features interoperability characteristics that allow you to upgrade from NIS. It also allows the continued interaction with DNS as initially provided by NIS. The nispopulate command allows the NIS compatibility if you intend to move from NIS to NIS Plus.

An example file of NIS is as follows:

An example of an NIS+ file is as follows:

How NIS Works

You must have a single machine within your network that acts as an NIS server for NIS to work. However, you can still have multiple NIS servers, with each server serving a different NIS domain.

You can also utilize the cooperating servers where one machine acts as a master server while the rest are NIS slave servers. In such an arrangement, the slave servers only have NIS database copies and receive and implement the changes from the master server.

The main reason for having one or more slave servers in your systems is to maintain the uptime of your network throughout. Thus, the client machines can check through any fast or reliable slave servers whenever a master server is down or too slow.

How NIS+ Works

NIS+ works by supporting the authentication and data encryption—and it does this over a secure and reliable RPC. Thus, this is a better security tool than NIS.

The naming model here leverages a tree structure, with each node in the tree directly corresponding to a NIS+ object. Notably, the design has up to six trees including table, link, directory, group, entry, and private.

The root directory forms the basis of the NIS+ namespace. The two special directories include the groups_dir and the org_dir. The groups_dir is responsible for access control since it has NIS+ group objects. On the other hand, the org_dir contains the administration tables such as hosts, passwd, and mail_aliases.

Conclusion

That makes the end of our introduction to NIS and NIS+. Now, choosing between NIS and NIS+ is not a hard choice. Consider NIS+ if you have serious security needs within your networks. Although it is slightly easy to administer, it remarkably secure your systems. On the other hand, NIS is generally an administration protocol. It is pretty easy to minister but lacks the security measures.

Sources:



Source link