Centralized logins with NIS - PowerPoint PPT Presentation

1 / 16
About This Presentation
Title:

Centralized logins with NIS

Description:

Centralized logins with NIS Eric Stolten Tim Meade Mark Sidnam NIS Purpose of NIS This enables centralized user logins across networks. The centralized database ... – PowerPoint PPT presentation

Number of Views:81
Avg rating:3.0/5.0
Slides: 17
Provided by: uof1
Category:

less

Transcript and Presenter's Notes

Title: Centralized logins with NIS


1
Centralized logins with NIS

Eric Stolten Tim Meade Mark Sidnam
2
NIS
  • Purpose of NIS
  • This enables centralized user logins across
    networks.
  • The centralized database allows users to login
    and change passwords in one location and have the
    changes reflected across all involved systems.

3
NIS
  • Background Information
  • NIS was originally developed by Sun Microsystems
    under the name Yellow Pages. However, we are not
    allowed to use that trademarked name.

4
NIS vs. NIS
  • NIS was supposed to be a more secure replacement
    to NIS providing security and easy implementation
    over large area networks.
  • It is important to note that NIS is not the same
    project as NIS. It is a newer version released
    by Sun Microsystems.

5
NIS vs. NIS
  • NIS increases security by using additional
    authentication methods.
  • We chose to use NIS over NIS because of the
    small network size and stability.

6
NIS Server Configuration
  • Necessary configuration.
  • /etc/sysconfig/networkNISDOMAINlab2.research.c
    s.uofs.edu
  • /etc/yp.conf --This is the ypbind conf
    fileypserver 127.0.0.1

7
NIS Server Configuration
  • Necessary running daemons
  • portmap An RPC daemon.
  • yppasswd allows NIS clients to change their
    passwords
  • ypserv -- The main NIS server
  • ypbind The main NIS client
  • ypxfrd Speeds up password database transfers.

8
Check for running Daemons
  • It is helpful to check that our processes are
    running with rpcinfo -p localhost.
  • Output should produce something likeroot_at_bigboy
    tmp rpcinfo -p localhost
  • program vers proto port
  • 100000 2 tcp 111 portmapper
  • 100000 2 udp 111 portmapper
  • 100009 1 udp 681 yppasswdd
  • 100004 2 udp 698 ypserv
  • 100004 1 udp 698 ypserv
  • 100004 2 tcp 701 ypserv
  • 100004 1 tcp 701 ypserv

9
Initializing the NIS Domain
  • To build our database, we must run the command
    /usr/lib/yp/ypinit -m
  • This verifies the NIS domain name and generates
    password databases according to the entries in
    /etc/passwd
  • We must rebuild the databases each time a user is
    added to the system.

10
Adding More Users
  • After the initialization you need to run
  • useradd ltusernamegt
  • Then run
  • passwd ltusernamegt
  • You can verify this by typing
  • ypmatch ltnisusernamegt ltpasswdgt
  • It will display the user name with an encrypted
    password.

11
Configuration of the Client
  • The authconfig program configures the NIS files
    after prompting for the IP and domain of the NIS
    server
  • Once finished it will create the file
  • /etc/yp.conf
  • It also adds the NIS domain to the file
  • /etc/sysconfig/network
  • This line had to be added to the
    /etc/passwd file to direct it to the server.

12
Running the Client
  • Daemons that need to run Client Side
  • ypbind
  • portmapper
  • yppasswdd
  • To ensure that the services start the next reboot
    you need to run
  • chkconfig ltNISSERVICEgt on

13
Problems
  • An incorrect configuration in the
  • /var/yp/securenets
  • prevented us from originally connecting from any
    computer other than lab2

14
Problems
  • Packages were missing
  • Ran the Red hat package manager and added the
    packages
  • Firewall was running by default which prevented
    connections to the server from some clients.
  • Disabled the firewall
  • Applications/system settings/security settings

15
Security Issues
  • restricting the server to static IP address
    removes some fear of hackers
  • hacks/cracks included
  • running ypcat and cracking the passwd file
  • obtaining passwd map with ypx
  • guesses domain name to look like a box on the
    network

16
Resources
  • www.linuxhomenetworking.com
  • www.eng.aunurn.edu
Write a Comment
User Comments (0)
About PowerShow.com