From: Sabrina Lautier (slautier@amadeus.net)
Date: Tue May 04 2004 - 04:39:54 EDT
All,
Thanks again to all of you who responded.
The solution is the netgroup.
For those interested, you will find below John Timon's explanation which
was very useful (the man page for this didn't help me enough).
------------------------------------------------------------------------------------------------------------------
Essentially a netgroup is an ordered triplet.
(hostname, username, domain)
you create a netgroup map in your NIS maps directory structured like this
group1 (server1,curly,) (server1,larry,) (server1,moe,)
build this map
then on server1 make sure that the nsswitch.conf file has compat set for
passwd. this allows you to add NIS specific information to the bottom of
the /etc/passwd file.
then add +@group1:::::: to the bottom of the /etc/passwd file.
run pwconv to build a new /etc/shadow file.
now curly, larry, and moe should be allowed to log into server1.
another option to provide selective logins on a given server is to put them
each in the passwd file.
set passwd to compat in /etc/nsswitch.conf and add each user to the
/etc/passwd file like this
say, bill and ted are users in nis that you want to allow access to
server2.
on server2 edit the /etc/nsswitch.conf file setting passwd to compat. then
add these two lines to the bottom of /etc/passwd
+bill::::::
+ted::::::
run pwconv and both bill and ted should be allowed to log into server2.
I would strongly endorse the purchase of the O'reilly NFS and NIS book.
------------------------------------------------------------------------------------------------------------------
Regards,
Sabrina Lautier
Amadeus SAS
DEV-IIS-OAU-SYS
+33 (0)4 97 23 09 56
slautier@amadeus.net
----- Forwarded by Sabrina Lautier/NCE/AMADEUS on 04/05/2004 08:28 -----
From: Sabrina Lautier <slautier@amadeus.net>@sunmanagers.org on
23/04/2004 10:31 ZE2
Sent by: sunmanagers-bounces@sunmanagers.org
To: sunmanagers@sunmanagers.org
cc:
Subjec How to restrict NIS users access
t: to some servers
Dear admins,
We set up a Sol9 NIS server which works fine and we're looking for a way to
restrict users to some NIS client machines.
For example:
There are 3 unix servers: server1, server2, server3
User users1 can connect to NIS client machine server1 but not to the 2
other ones
User users1 can connect to NIS client machines server1 and server2 but not
to server3
User users2 can connect to all NIS client machines
Is this possible to do that and if yes how would you do it ?
I would like as much as possible to keep the configuration centralized (ie,
not to modify NIS client machines config files).
Thanks a lot for your help.
Regards,
Sabrina Lautier
Amadeus SAS
DEV-IIS-OAU-SYS
+33 (0)4 97 23 09 56
slautier@amadeus.net
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:28:35 EDT