Centralized logins with NIS

1
Centralized logins with NIS

Eric Stolten Tim Meade Mark Sidnam
2
NIS

• Purpose of NIS
• This enables centralized user logins across
  networks.
• The centralized database allows users to login
  and change passwords in one location and have the
  changes reflected across all involved systems.

3
NIS

• Background Information
• NIS was originally developed by Sun Microsystems
  under the name Yellow Pages. However, we are not
  allowed to use that trademarked name.

4
NIS vs. NIS

• NIS was supposed to be a more secure replacement
  to NIS providing security and easy implementation
  over large area networks.
• It is important to note that NIS is not the same
  project as NIS. It is a newer version released
  by Sun Microsystems.

5
NIS vs. NIS

• NIS increases security by using additional
  authentication methods.
• We chose to use NIS over NIS because of the
  small network size and stability.

6
NIS Server Configuration

• Necessary configuration.
• /etc/sysconfig/networkNISDOMAINlab2.research.c
  s.uofs.edu
• /etc/yp.conf --This is the ypbind conf
  fileypserver 127.0.0.1

7
NIS Server Configuration

• Necessary running daemons
• portmap An RPC daemon.
• yppasswd allows NIS clients to change their
  passwords
• ypserv -- The main NIS server
• ypbind The main NIS client
• ypxfrd Speeds up password database transfers.

8
Check for running Daemons

• It is helpful to check that our processes are
  running with rpcinfo -p localhost.
• Output should produce something likeroot_at_bigboy
  tmp rpcinfo -p localhost
• program vers proto port
• 100000 2 tcp 111 portmapper
• 100000 2 udp 111 portmapper
• 100009 1 udp 681 yppasswdd
• 100004 2 udp 698 ypserv
• 100004 1 udp 698 ypserv
• 100004 2 tcp 701 ypserv
• 100004 1 tcp 701 ypserv

9
Initializing the NIS Domain

• To build our database, we must run the command
  /usr/lib/yp/ypinit -m
• This verifies the NIS domain name and generates
  password databases according to the entries in
  /etc/passwd
• We must rebuild the databases each time a user is
  added to the system.

10
Adding More Users

• After the initialization you need to run
• useradd ltusernamegt
• Then run
• passwd ltusernamegt
• You can verify this by typing
• ypmatch ltnisusernamegt ltpasswdgt
• It will display the user name with an encrypted
  password.

11
Configuration of the Client

• The authconfig program configures the NIS files
  after prompting for the IP and domain of the NIS
  server
• Once finished it will create the file
• /etc/yp.conf
• It also adds the NIS domain to the file
• /etc/sysconfig/network
• This line had to be added to the
  /etc/passwd file to direct it to the server.

12
Running the Client

• Daemons that need to run Client Side
• ypbind
• portmapper
• yppasswdd
• To ensure that the services start the next reboot
  you need to run
• chkconfig ltNISSERVICEgt on

13
Problems

• An incorrect configuration in the
• /var/yp/securenets
• prevented us from originally connecting from any
  computer other than lab2

14
Problems

• Packages were missing
• Ran the Red hat package manager and added the
  packages
• Firewall was running by default which prevented
  connections to the server from some clients.
• Disabled the firewall
• Applications/system settings/security settings

15
Security Issues

• restricting the server to static IP address
  removes some fear of hackers
• hacks/cracks included
• running ypcat and cracking the passwd file
• obtaining passwd map with ypx
• guesses domain name to look like a box on the
  network

16
Resources

• www.linuxhomenetworking.com
• www.eng.aunurn.edu