7.2. Setting up
a NIS Client using Traditional NIS
For host lookups you must set (or add) "nis" to the lookup order
line in your /etc/host.conf file. Please
read the manpage "resolv+.8" for more details.
Add the following line to /etc/passwd
on your NIS clients:
You can also use the + and - characters to include/exclude or
change users. If you want to exclude the user guest just add -guest
to your /etc/passwd file. You want to use
a different shell (e.g. ksh) for the user "linux"? No problem, just
add "+linux::::::/bin/ksh" (without the quotes) to your /etc/passwd. Fields that you don't want to change
have to be left empty. You could also use Netgroups for user
control.
For example, to allow login-access only to miquels, dth and ed,
and all members of the sysadmin netgroup, but to have the account
data of all other users available use:
+miquels:::::::
+ed:::::::
+dth:::::::
+@sysadmins:::::::
-ftp
+:*::::::/etc/NoShell
|
Note that in Linux you can also override the password field, as
we did in this example. We also remove the login "ftp", so it isn't
known any longer, and anonymous ftp will not work.
The netgroup would look like
sysadmins (-,software,) (-,kukuk,)
|
IMPORTANT: The netgroup feature is implemented starting from
libc 4.5.26. If you have a version of libc earlier than 4.5.26,
every user in the NIS password database can access your linux
machine if you run "ypbind" !
