From owner-freebsd-hackers Wed Jun 25 01:08:27 1997
Message-ID: <19970625010619.04305@hydrogen.nike.efn.org>
Date: Wed, 25 Jun 1997 01:06:19 -0700
From: John-Mark Gurney
To: Chuck Robey
Cc: FreeBSD-Hackers
Subject: Re: NIS
Organization: Cu Networking
X-Operating-System: FreeBSD 2.2.1-RELEASE i386

Chuck Robey scribbled this message on Jun 24:
> I have been reading about NIS, trying to come to grips with it all, but I
> haven't been able to come up with an answer to one last stumbling block.
> Maybe someone here knows what I don't ...
>
> I'm trying to figure out a flexible and reliable setup for a small ISP
> that has maybe 5 machines.  What I would ideally like is to have a main
> server, have the database on that server duplicated on a second machine
> just in case the first machine has to go down for maintenance (or some
> catastrophe), and the rest of the machines be slaves.  I'm particularly
> interested in the passwd map.

actually.. FreeBSD's NIS implementation is quite secure... as long as you
know your wires are secure there shouldn't be any problems...

> What I don't understand is how the passwd maps can get converted into the
> passwd file and the master.passwd file, so they could be duplicated, both
> on the main server and the secondary server.  I think I understand how

ok.. to get NIS working, you need to add a line like:

    +:::::::::

to your master.passwd on each machine that you want to bring in users
from NIS... this will tell the libc code that does user lookup to also
search nis info...

> yp_mkdb makes the nis maps, but I don't see how the source files for the
> maps get updated.  I know this isn't terribly important for files other
> than passwd, but it's passwd that I'm interested in.  I want to have the
> master.passwd and passwd files on the server right up to date, and the
> same files on the backup server fairly close, say, no more than several
> hours out of date.  I could just move the files occasionally from the
> server to a backup dir on the slave server, but I don't see how they ever
> get built at all on the master.

no.. you don't need to do this... the password maps can automatically be
transferred when they are updated... there are a number of ways you can
use nis..

a) the machine is a consumer, that means each time it does a user look up
   that it will go to a nis server to obtain the user's info, my terminal
   server does this.
b) the machine is just a server.  it will answer nis requests but won't
   use it for local authentication.
c) the machine is both a consumer and a server... this means that when nis
   does lookups, it doesn't have to look farther than the local machine.

there will have to be one MASTER server that contains all the original
files and this is the server that distributes the information to the other
servers (and possibly clients)...

> Clarifying: I see how the maps gets built on the master, first time, but
> once yppasswd changes some user's passwd, then the source files are out of
> date.  How do they get updated?

the yppasswd process should automatically run make in /var/yp which will
update the new maps and distribute them to the servers (if you have any
secondary servers)...

just a bit of info... in /var/yp there are a few files you will need...

ypservers: list of servers that the maps need to be sent to
securenets: these are the networks/machines that are allowed to make
    connections to.
master.passwd: this is the master.passwd file that all the maps are built
    from.

just make sure you have the right programs running on the right
machines.. once you get it up and running, it works like a charm and is
very nice...

hope you get it working.. ttyl..

-- 
  John-Mark Gurney                          Modem/FAX: +1 541 683 6954
  Cu Networking

  Live in Peace, destroy Micro$oft, support free software, run FreeBSD
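
Added example, not part of the original message and not FreeBSD's own code: a small Python check for the /var/yp/securenets file mentioned above, flagging entries that are malformed or that admit far more hosts than a five-machine site needs. The "network netmask" line layout, the sample entries and the max_hosts threshold are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample; the "network netmask" per-line layout is an assumption
# of this example, not something stated in the original message.
SAMPLE_SECURENETS = """\
# loopback
127.0.0.1 255.255.255.255
192.168.10.0 255.255.255.0
0.0.0.0 0.0.0.0
10.1.2.3 255.255.0.0
192.168.20.0
"""

def audit_securenets(text, max_hosts=1024):
    """Return a list of (line_number, finding) for risky or broken entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        try:
            if len(fields) != 2:
                raise ValueError("wrong field count")
            net = int(ipaddress.IPv4Address(fields[0]))
            mask = int(ipaddress.IPv4Address(fields[1]))
        except ValueError:
            findings.append((lineno, "malformed: expected 'network netmask'"))
            continue
        host_bits = mask ^ 0xFFFFFFFF
        if host_bits & (host_bits + 1):        # mask must be 1s followed by 0s
            findings.append((lineno, "non-contiguous netmask"))
        elif mask == 0:
            findings.append((lineno, "permits every host on any network"))
        elif net & host_bits:
            findings.append((lineno, "network address has host bits set"))
        elif host_bits + 1 > max_hosts:
            findings.append((lineno, f"broad: admits {host_bits + 1} addresses"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit_securenets(SAMPLE_SECURENETS):
        print(f"securenets:{lineno}: {finding}")
```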