
Centralized logins with NIS

Eric Stolten
Tim Meade
Mark Sidnam
NIS

Purpose of NIS
This enables centralized user logins across
networks.
The centralized database allows users to log in
and change passwords in one location and have
the changes reflected across all involved
systems.
NIS

Background Information
NIS was originally developed by Sun
Microsystems under the name Yellow Pages.
However, we are not allowed to use that
trademarked name.
NIS vs. NIS+

NIS+ was supposed to be a more secure
replacement for NIS, providing security and
easy implementation over large-area
networks.

It is important to note that NIS+ is not the
same project as NIS. It is a newer version
released by Sun Microsystems.
NIS vs. NIS+

NIS+ increases security by using additional
authentication methods.

We chose to use NIS over NIS+ because of
the small network size and stability.
NIS Server Configuration

Necessary configuration.
#/etc/sysconfig/network
NISDOMAIN=lab2.research.cs.uofs.edu
#/etc/yp.conf --This is the ypbind conf file
ypserver 127.0.0.1
NIS Server Configuration

Necessary running daemons

portmap -- An RPC daemon.
yppasswdd -- Allows NIS clients to change their
passwords.
ypserv -- The main NIS server.
ypbind -- The main NIS client.
ypxfrd -- Speeds up password database
transfers.
Check for running Daemons

It is helpful to check that our processes are
running with rpcinfo -p localhost.
The output should look something like this:
[root@bigboy tmp]# rpcinfo -p localhost
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100009 1 udp 681 yppasswdd
100004 2 udp 698 ypserv
100004 1 udp 698 ypserv
100004 2 tcp 701 ypserv
100004 1 tcp 701 ypserv
Initializing the NIS Domain

To build our database, we must run the
command /usr/lib/yp/ypinit -m

This verifies the NIS domain name and
generates password databases according to
the entries in /etc/passwd

We must rebuild the databases each time a
user is added to the system.
Adding More Users

After the initialization you need to run:
useradd <username>

Then run:
passwd <username>

You can verify this by typing:
ypmatch <nisusername> passwd

Here passwd is the name of the NIS map to search.
It will display the user name with an
encrypted password.
Configuration of the Client

The authconfig program configures the NIS files
after prompting for the IP and domain of the NIS
server.

Once finished, it will create the file
/etc/yp.conf

It also adds the NIS domain to the file:
/etc/sysconfig/network

This line: +:*::::: had to be added to the /etc/passwd
file to direct it to the server.
Running the Client

Daemons that need to run on the client side:
ypbind
portmapper
yppasswdd

To ensure that the services start on the next
reboot you need to run:
chkconfig <NISSERVICE> on
Problems

An incorrect configuration in
/var/yp/securenets
prevented us from originally connecting from
any computer other than lab2.
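A way to check a /var/yp/securenets file for the kind of mistake described above, as an added example that is not part of the original slides. It assumes the file's "netmask network" line format (with "host <ip>" as shorthand for a single address) and that ypserv admits a client when its address ANDed with the netmask equals the network; the sample file and all addresses are constructed.

```python
import ipaddress

# Constructed sample file; every address below is made up for illustration.
SAMPLE_SECURENETS = """\
# netmask        network
host             127.0.0.1
255.255.255.0    192.168.1.0
255.255.255.0    10.0.5.7
0.0.0.0          0.0.0.0
"""

def parse_securenets(text):
    """Return (line_number, netmask_int, network_int) for each rule."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected two fields")
        if fields[0].lower() == "host":  # shorthand for a /32 entry
            fields = ["255.255.255.255", fields[1]]
        mask, net = (int(ipaddress.IPv4Address(f)) for f in fields)
        rules.append((lineno, mask, net))
    return rules

def matching_rule(rules, client_ip):
    """Line number of the first rule that admits client_ip, else None."""
    ip = int(ipaddress.IPv4Address(client_ip))
    for lineno, mask, net in rules:
        if (ip & mask) == net:
            return lineno
    return None

def audit(rules):
    """Flag rules that admit everyone or that can never match."""
    findings = []
    for lineno, mask, net in rules:
        if mask == 0 and net == 0:
            findings.append((lineno, "admits every address"))
        elif net & ~mask:
            findings.append((lineno, "host bits set in network; never matches"))
    return findings

if __name__ == "__main__":
    rules = parse_securenets(SAMPLE_SECURENETS)
    for client in ("192.168.1.20", "10.0.5.7"):
        print(client, "-> rule on line", matching_rule(rules, client))
    for lineno, problem in audit(rules):
        print(f"line {lineno}: {problem}")
```

In the sample, the client at 10.0.5.7 is admitted only by the catch-all line, so removing that line without correcting line 4 would lock the client out.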
Problems

Packages were missing.
Ran the Red Hat package manager and added
the packages.

The firewall was running by default, which
prevented connections to the server from
some clients.
Disabled the firewall:
Applications/system settings/security settings
Security Issues

Restricting the server to static IP addresses
removes some fear of hackers.

Hacks/cracks included:
running ypcat and cracking the passwd file
obtaining the passwd map with ypx

guesses the domain name to look like a box on the
network
Resources

www.linuxhomenetworking.com

www.eng.aunurn.edu
