[TriLUG] Granting user console access via NIS - fedora 2

Kevin Flanagan kevin at flanagannc.net
Tue Oct 12 21:30:24 EDT 2004 

I did notice some changes when going from FC1 to FC2, I believe that it
was the working of the root_squash param, with the automounter it didn't
behave quite the same way, once I got past that all was back to well
again.  NIS and the automounter are a great combo!

On Tue, 2004-10-12 at 15:56, Jon Carnes wrote:

> On Tue, 2004-10-12 at 15:25, Craig Cook wrote:
> > I have a 7yr background in Solaris, only 1yr or so with Linux.  New site as well (been here 3 weeks) so don't know the full setup yet.
> > 
> > Anyway, I have NIS sort of working on fedora 2 (built using a kickstart server I setup).  I can login remotely (telnet or ssh) being authenticated via corporate NIS. User home dirs do not auto mount, haven't work out why not yet.  (I don't have admin access to the NIS servers).
> > 
> > The real question is how can I allow a standard user to login to the console with their own username, authenticated via NIS.
> > 
> > Currently, it only looks at /etc/passwd if using the console, but I don't understand why.
> > 
> > /etc/nsswitch.conf is set for "files nis" for passwd, shadow, and group.
> > 
> > Searched google and looks like it may be something to do with PAM and/or /etc/security/access.conf, but not sure if I am on the right track.
> > 
> > This is a lab PC, not a server.  Users do not have root access though.
> > 
> > Anyone have ideas?
> > 
> > btw, I know NIS is not secure, not my call.
> > 
> > Thanks
> > 
> > Craig
> 
> Here is a nice overview of NIS on RedHat. I wrote it with RH9 but it
> should work with Fedora Core as well (as long as they don't break NIS
> and NFS).
> 
> http://www.trilug.org/~jonc/nfs/nfs_nis_automount.txt
> 
> You probably don't want to use Shadow with NIS (it should work, but
> really what's the point...)
> 
> You definitely want to put to modify your nsswitch.conf to put "nis" in
> front of "files". This will use the NIS information first (if they exist
> in NIS) and then fall back to the local user.  By default it should be
> setup to not use users below 400 (I think) for NIS. That will keep it
> from trying to login root via NIS on the local console.
> 
> Good Luck.  I had NIS/NFS running across multiple OS's for a former
> company. We used it with Samba to have one single login for all our
> systems. It worked very nicely.
> 
> Jon Carnes

-- 

+--------------------------------------------------------------+
If you never see anything that offends you, you aren't living in a free
society

Kim Campbell - Former Canadian Prime Minister

More information about the TriLUG mailing list