As previously announced, remove ports that have reached their expiry date,

and the handful of ports that depended on them.
author: Kris Kennaway <kris@FreeBSD.org> 2005-02-18 23:44:49 +0000
committer: Kris Kennaway <kris@FreeBSD.org> 2005-02-18 23:44:49 +0000
commit: 11ea174ccbc9cebd4134768e8fb92c6a3dc2c559 (patch)
tree: 1514ed7a486e108239615c1d83319d83bacdbc3d /misc/Howto/files/patch-nis
parent: Update dependency to bash2 in preparation for removing bash1. (diff)
1 files changed, 0 insertions, 1248 deletions
diff --git a/misc/Howto/files/patch-nis b/misc/Howto/files/patch-nis
deleted file mode 100644
index 90308a40ccc0..000000000000
--- a/misc/Howto/files/patch-nis
+++ /dev/null
@@ -1,1248 +0,0 @@
---- NIS-HOWTO.sgml.orig	Wed Dec 25 09:56:09 2002
-+++ NIS-HOWTO.sgml	Wed Dec 25 10:53:26 2002
-@@ -4,9 +4,10 @@
- 
- <ArtHeader>
- 
--<Title>The Linux NIS(YP)/NYS/NIS+ HOWTO</Title>
-+<Title>The FreeBSD NIS(YP)/NYS/NIS+ HOWTO</Title>
- <AUTHOR
- >
-+Linux version by 
- <FirstName>Thorsten Kukuk</FirstName>
- </AUTHOR
- >
-@@ -17,9 +18,8 @@
- <Para>
- <IndexTerm><Primary>HOWTOs!NIS</Primary></IndexTerm>
- <IndexTerm><Primary>HOWTOs!YP</Primary></IndexTerm>
--<IndexTerm><Primary>HOWTOs!NYS</Primary></IndexTerm>
- <IndexTerm><Primary>HOWTOs!NIS+</Primary></IndexTerm>
--This document describes how to configure Linux as NIS(YP) or NIS+ client
-+This document describes how to configure FreeBSD as NIS(YP) client
- and how to install as NIS server.
- </Para>
- 
-@@ -30,22 +30,21 @@
- <Title>Introduction</Title>
- 
- <Para>
--More and more, Linux machines are installed as part of a network of
-+More and more, FreeBSD machines are installed as part of a network of
- computers. To simplify network administration, most networks (mostly
--Sun-based networks) run the Network Information Service. Linux machines
-+Sun-based networks) run the Network Information Service. FreeBSD machines
- can take full advantage of existing NIS service or provide NIS service
--themselves. Linux machines can also act as full NIS+ clients, this
--support is in beta stage.
-+themselves.
- </Para>
- 
- <Para>
--This document tries to answer questions about setting up NIS(YP) and NIS+
--on your Linux machine. Don't forget to read
-+This document tries to answer questions about setting up NIS(YP)
-+on your FreeBSD machine. Don't forget to read
- <XRef LinkEnd="portmapper">.
- </Para>
- 
- <Para>
--The NIS-Howto is edited and maintained by
-+The Linux version of the NIS-Howto is edited and maintained by
- </Para>
- 
- <Para>
-@@ -88,12 +87,7 @@
- </Para>
- 
- <Para>
--New versions of this document will also be uploaded to various
--Linux WWW and FTP sites, including the LDP home page.
--</Para>
--
--<Para>
--Links to translations of this document could be found at
-+Links to translations of the Linux document could be found at
- <ULink
- URL="http://www.linux-nis.org/nis-howto/"
- >http://www.linux-nis.org/nis-howto/</ULink
-@@ -131,9 +125,9 @@
- </Para>
- 
- <Para>
--Please do <Emphasis>not</Emphasis> mail me questions about special problems with your Linux
--Distribution! I don't know every Linux Distribution. But I will try to add
--every solution you send me.
-+Please do <Emphasis>not</Emphasis> mail Thorsten questions about special problems with FreeBSD.
-+The FreeBSD changes to the Linux document were done by the FreeBSD
-+Documentation Project.  Please send comments to docs@freebsd.org
- </Para>
- 
- </Sect2>
-@@ -160,10 +154,6 @@
- 
- <Para>
- Theo de Raadt is responsible for the original yp-clients code.
--Swen Thuemmler ported the yp-clients code to Linux and also ported
--the yp-routines in libc (again based on Theo's work).
--Thorsten Kukuk has written the NIS(YP) and NIS+ routines for
--GNU libc 2.x from scratch.
- </Para>
- 
- </Sect2>
-@@ -177,9 +167,8 @@
- <Title>Glossary of Terms
- <IndexTerm><Primary>NIS!glossary</Primary></IndexTerm>
- <IndexTerm><Primary>YP!glossary</Primary></IndexTerm>
--<IndexTerm><Primary>NYS!glossary</Primary></IndexTerm>
- <IndexTerm><Primary>NIS+!glossary</Primary></IndexTerm>
--<IndexTerm><Primary>glossary!NIS/NYS/YP/NIS+</Primary></IndexTerm>
-+<IndexTerm><Primary>glossary!NIS/YP/NIS+</Primary></IndexTerm>
- </Title>
- 
- <Para>
-@@ -191,7 +180,7 @@
- <VariableList>
- 
- <VarListEntry>
--<Term>DBM</Term>
-+<Term>DB</Term>
- <ListItem>
- <Para>
- DataBase Management, a library of functions which
-@@ -234,8 +223,7 @@
- <ListItem>
- <Para>
- Name services library, a library of name service calls
--(getpwnam, getservbyname, etc...) on SVR4 Unixes. GNU libc
--uses this for the NIS (YP) and NIS+ functions.
-+(getpwnam, getservbyname, etc...) on SVR4 Unixes.
- </Para>
- </ListItem>
- </VarListEntry>
-@@ -272,21 +260,10 @@
- </ListItem>
- </VarListEntry>
- <VarListEntry>
--<Term>NYS</Term>
--<ListItem>
--<Para>
--This is the name of a project and stands for NIS+, YP and Switch
--and is managed by Peter Eriksson &lt;peter@ifm.liu.se&#62;. It contains
--among other things a complete reimplementation of the NIS (= YP) code
--that uses the Name Services Switch functionality of the NYS library.
--</Para>
--</ListItem>
--</VarListEntry>
--<VarListEntry>
- <Term>NSS</Term>
- <ListItem>
- <Para>
--Name Service Switch. The /etc/nsswitch.conf file determines the order
-+Name Service Switch. On Solaris, the /etc/nsswitch.conf file determines the order
- of lookups performed when a certain piece of information is requested.
- </Para>
- </ListItem>
-@@ -329,7 +306,6 @@
- <Title>Some General Information
- <IndexTerm><Primary>NIS!general information</Primary></IndexTerm>
- <IndexTerm><Primary>YP!general information</Primary></IndexTerm>
--<IndexTerm><Primary>NYS!general information</Primary></IndexTerm>
- <IndexTerm><Primary>NIS+!general information</Primary></IndexTerm>
- </Title>
- 
-@@ -358,7 +334,7 @@
- <ItemizedList>
- <ListItem>
- <Para>
--login names/passwords/home directories (/etc/passwd)
-+login names/passwords/home directories (/etc/master.passwd)
- </Para>
- </ListItem>
- <ListItem>
-@@ -454,7 +430,8 @@
- severe security needs. NIS+ is &lowbar;much&lowbar; more problematic
- to administer (it's pretty easy to handle on the client side, but the
- server side is horrible). Another problem is that the support for NIS+
--under Linux contains a lot of bugs and that the development has stopped.
-+under FreeBSD is still under developement, and is not ready for Alpha testing
-+yet.
- </Para>
- 
- </Sect2>
-@@ -560,10 +537,10 @@
- 
- <Para>
- To run any of the software mentioned below you will need to run the
--program /usr/sbin/portmap. Some Linux distributions already have
--the code in the /sbin/init.d/ or /etc/rc.d/ files to start up this
--daemon. All you have to do is to activate it and reboot your Linux
--machine. Read your Linux Distribution Documentation how to do this.
-+program /usr/sbin/portmap.
-+In FreeBSD you specify your desire to run the
-+Portmapper in /etc/rc.conf.
-+All you have to do is to activate it and reboot your FreeBSD machine.
- </Para>
- 
- <Para>
-@@ -645,15 +622,15 @@
- ypcat, yppoll, ypmatch). The most important program is ypbind. This
- program must be running at all times, which means, it should always appear
- in the list of processes. It is a daemon process and needs to
--be started from the system's startup file (eg. /etc/init.d/nis,
--/sbin/init.d/ypclient, /etc/rc.d/init.d/ypbind, /etc/rc.local).
-+be started from the system's startup file (eg. /etc/rc.network).
-+You specify your desire to run ypbind in /etc/rc.conf.
- As soon as ypbind is running your system has become a NIS client.
- </Para>
- 
- <Para>
- In the second case, if you don't have NIS servers, then you will also
- need a NIS server program (usually called ypserv). <XRef LinkEnd="ypserv">
--describes how to set up a NIS server on your Linux machine using the
-+how to set up a NIS server on your FreeBSD machine using
- <Command>ypserv</Command>
- daemon.
- </Para>
-@@ -667,44 +644,9 @@
- </Title>
- 
- <Para>
--The system library "/usr/lib/libc.a" (version 4.4.2 and better) or the
--shared library "/lib/libc.so.x" contain all necessary system calls to
--succesfully compile the NIS client and server software. For the
--GNU C Library 2 (glibc 2.x), you also need /lib/libnsl.so.1.
--</Para>
--
--<Para>
--Some people reported that NIS only works with "/usr/lib/libc.a" version
--4.5.21 and better so if you want to play it safe don't use older
--libc's.  The NIS client software can be obtained from:
--</Para>
--
--<Para>
--
--<Screen>
--  Site                  Directory                        File Name
--
--  ftp.kernel.org        /pub/linux/utils/net/NIS         yp-tools-2.7.tar.gz
--  ftp.kernel.org        /pub/linux/utils/net/NIS         ypbind-mt-1.12.tar.gz
--  ftp.kernel.org        /pub/linux/utils/net/NIS         ypbind-3.3.tar.gz
--  ftp.kernel.org        /pub/linux/utils/net/NIS         ypbind-3.3-glibc5.diff.gz
--</Screen>
--
--</Para>
--
--<Para>
--Once you obtained the software, please follow the instructions which
--come with the software. yp-clients 2.2 are for use with libc4 and libc5
--until 5.4.20. libc 5.4.21 and glibc 2.x needs yp-tools 1.4.1 or later.
--The new yp-tools 2.4 should work with every Linux libc. Since there was
--a bug in the NIS code, you shouldn't use libc 5.4.21-5.4.35. Use libc
--5.4.36 or later instead, or the most YP programs will not work.
--ypbind 3.3 will work with all libraries, too. If you use gcc 2.8.x or
--greater, egcs or glibc 2.x, you should add the ypbind-3.3-glibc5.diff
--patch to ypbind 3.3. If possible you should avoid the use of ypbind 3.3
--for security reasons.
--ypbind-mt is a new, multithreaded daemon. It needs a Linux 2.2 kernel
--and glibc 2.1 or later.
-+The system libraries "/usr/lib/libc.so.x" and "/usr/lib/libc.a"
-+contain all necessary system calls to
-+succesfully compile the NIS client and server software.
- </Para>
- 
- </Sect2>
-@@ -726,31 +668,9 @@
- </Title>
- 
- <Para>
--After you have succesfully compiled the software you are now ready
--to install it. A suitable place for the ypbind daemon is the directory
--/usr/sbin. Some people may tell you that you don't need
--ypbind on a system with NYS. This is wrong. ypwhich and ypcat need it
--always.
--</Para>
--
--<Para>
--You must do this as root of course. The other binaries (ypwhich,
--ypcat, yppasswd, yppoll, ypmatch) should go in a directory accessible
--by all users, normally /usr/bin.
--</Para>
--
--<Para>
--Newer ypbind versions have a configuration file called /etc/yp.conf. You can
--hardcode a NIS server there - for more info see the manual page for ypbind(8).
--You also need this file for NYS.
--An example:
--
--<Screen>
--  ypserver 10.10.0.1
--  ypserver 10.0.100.8
--  ypserver 10.3.1.1
--</Screen>
--
-+The ypbind process can be forced to bind to a specific NIS server by specifing
-+the server in /etc/rc.conf.
-+For more info see the manual page for ypbind(8).
- </Para>
- 
- <Para>
-@@ -904,14 +824,6 @@
- </Para>
- 
- <Para>
--To check if the domainname is set correct, use the
--<Command>/bin/ypdomainname</Command> from
--yp-tools 2.2. It uses the yp&lowbar;get&lowbar;default&lowbar;domain() function which is more
--restrict. It doesn't allow for example the "(none)" domainname, which
--is the default under Linux and makes a lot of problems.
--</Para>
--
--<Para>
- If the test worked you may now want to change your startupd files
- so that ypbind will be started at boot time and your system will
- act as a NIS client. Make sure that the domainname will
-@@ -933,19 +845,15 @@
- 
- <Para>
- For host lookups you must set (or add) "nis" to the lookup order line
--in your <filename>/etc/host.conf</filename> file. Please read the
--manpage "resolv+.8" for more details.
--</Para>
--
--<Para>
--Add the following line to <filename>/etc/passwd</filename>
--on your NIS clients:
-+in your <filename>/etc/host.conf</filename> file. Please see the
-+comments in /etc/host.conf for more details.
- </Para>
- 
- <Para>
-+Add the following line to /etc/master.passwd using vipw on your NIS clients:
- 
- <Screen>
--+::::::
-++:::::::::
- </Screen>
- 
- </Para>
-@@ -953,10 +861,10 @@
- <Para>
- You can also use the + and - characters to include/exclude or change
- users. If you want to exclude the user guest just add -guest to your
--<filename>/etc/passwd</filename> file.
-+<filename>/etc/master.passwd</filename> file.
- You want to use a different shell (e.g. ksh) for
--the user "linux"?  No problem, just add "+linux::::::/bin/ksh"
--(without the quotes) to your <filename>/etc/passwd</filename>. Fields
-+the user "ken"?  No problem, just add "+ken:::::::::/usr/local/bin/bash"
-+(without the quotes) to your <filename>/etc/master.passwd</filename>. Fields
- that you don't want
- to change have to be left empty. You could also use Netgroups for
- user control.
-@@ -971,487 +879,19 @@
- <Para>
- 
- <Screen>
--      +miquels:::::::
--      +ed:::::::
--      +dth:::::::
--      +@sysadmins:::::::
--      -ftp
--      +:*::::::/etc/NoShell
-+      +dennis:::::::::
-+      +@sysadmins:::::::::
-+      -ftp:::::::::
-+      +@rejected-users::32767:32767::::::/bin/false
- </Screen>
- 
- </Para>
- 
- <Para>
--Note that in Linux you can also override the password field, as we did
-+Note that in FreeBSD you can also override the password field, as we did
- in this example. We also remove the login "ftp", so it isn't known any
- longer, and anonymous ftp will not work.
--</Para>
--
--<Para>
--The netgroup would look like
--
--<Screen>
--sysadmins (-,software,) (-,kukuk,)
--</Screen>
--
--</Para>
--
--<Para>
--IMPORTANT: The netgroup  feature is implemented starting from libc 4.5.26.
--If you have a version of libc earlier than 4.5.26, every user in the
--NIS password database can access your linux machine if you run "ypbind" !
--</Para>
--
--</Sect2>
--
--<Sect2>
--<Title>Setting up a NIS Client using NYS
--<IndexTerm><Primary
-->NYS!client setup</Primary></IndexTerm>
--</Title>
--
--<Para>
--All that is required is that the NIS configuration file
--(/etc/yp.conf) points to the correct server(s) for its information.
--Also, the Name Services Switch configuration file (/etc/nsswitch.conf)
--must be correctly set up.
--</Para>
--
--<Para>
--You should install ypbind. It isn't needed by the libc, but the NIS(YP)
--tools need it.
--</Para>
--
--<Para>
--If you wish to use the include/exclude user feature (+/-guest/+@admins),
--you have to use "passwd: compat" and "group: compat" in nsswitch.conf.
--Note that there is no "shadow: compat"! You have to
--use "shadow: files nis" in this case.
--</Para>
--
--<Para>
--The NYS sources are part of the libc 5 sources. When run configure,
--say the first time "NO" to the "Values correct" question,
--then say "YES" to "Build a NYS libc from nys".
--</Para>
--
--</Sect2>
--
--<Sect2>
--<Title>Setting up a NIS Client using glibc 2.x
--<IndexTerm><Primary
-->NIS!client setup!using glibc 2.x</Primary></IndexTerm>
--</Title>
--
--<Para>
--The glibc uses "traditional NIS", so you need to start ypbind. The
--Name Services Switch configuration file (/etc/nsswitch.conf) must be
--correctly set up. If you use the compat mode for passwd, shadow or group,
--you have to add the "+" at the end of this files and you can use
--the include/exclude user feature. The configuration is excatly the same
--as under Solaris 2.x.
--</Para>
--
--</Sect2>
--
--<Sect2>
--<Title>The nsswitch.conf File
--<IndexTerm><Primary
-->nsswitch.conf file</Primary></IndexTerm>
--
--<IndexTerm><Primary
-->NIS!nsswitch.conf file</Primary></IndexTerm>
--</Title>
--
--<Para>
--The Network Services switch file /etc/nsswitch.conf determines the
--order of lookups performed when a certain piece of information is
--requested, just like the /etc/host.conf file which determines the way
--host lookups are performed. For example, the line
--</Para>
--
--<Para>
--
--<Screen>
--    hosts: files nis dns
--</Screen>
--
--</Para>
--
--<Para>
--specifies that host lookup functions should first look in the local
--/etc/hosts file, followed by a NIS lookup and finally through the domain
--name service (/etc/resolv.conf and named), at which point if no match
--is found an error is returned. This file must be readable for every
--user! You can find more information in the man-page nsswitch.5
--or nsswitch.conf.5.
--</Para>
--
--<Para>
--A good /etc/nsswitch.conf file for NIS is:
--
--<Screen>
--#
--# /etc/nsswitch.conf
--#
--# An example Name Service Switch config file. This file should be
--# sorted with the most-used services at the beginning.
--#
--# The entry '[NOTFOUND=return]' means that the search for an
--# entry should stop if the search in the previous entry turned
--# up nothing. Note that if the search failed due to some other reason
--# (like no NIS server responding) then the search continues with the
--# next entry.
--#
--# Legal entries are:
--#
--#	nisplus			Use NIS+ (NIS version 3)
--#	nis			Use NIS (NIS version 2), also called YP
--#	dns			Use DNS (Domain Name Service)
--#	files			Use the local files
--#	db			Use the /var/db databases
--#	[NOTFOUND=return]	Stop searching if not found so far
--#
--
--passwd:     compat
--group:      compat
--# For libc5, you must use shadow: files nis
--shadow:     compat
--
--passwd_compat: nis
--group_compat: nis
--shadow_compat: nis
--
--hosts:      nis files dns
--
--services:   nis [NOTFOUND=return] files
--networks:   nis [NOTFOUND=return] files
--protocols:  nis [NOTFOUND=return] files
--rpc:        nis [NOTFOUND=return] files
--ethers:     nis [NOTFOUND=return] files
--netmasks:   nis [NOTFOUND=return] files
--netgroup:   nis
--bootparams: nis [NOTFOUND=return] files
--publickey:  nis [NOTFOUND=return] files
--automount:  files
--aliases:    nis [NOTFOUND=return] files
--</Screen>
--
--</Para>
--
--<Para>
--passwd&lowbar;compat, group&lowbar;compat and shadow&lowbar;compat are only supported by glibc 2.x.
--If there are no shadow rules in /etc/nsswitch.conf, glibc will use the passwd
--rule for lookups. There are some more lookup module for glibc like hesoid.
--For more information, read the glibc documentation.
--</Para>
--
--</Sect2>
--
--<Sect2>
--<Title>Shadow Passwords with NIS
--<IndexTerm><Primary
-->NIS!shadow passwords</Primary></IndexTerm>
--</Title>
--
--<Para>
--Shadow passwords over NIS are always a bad idea. You loose the security,
--which shadow gives you, and it is supported by only some few Linux C
--Libraries. A good way to avoid shadow passwords over NIS is,
--to put only the local system users in /etc/shadow. Remove the NIS user
--entries from the shadow database, and put the password back in passwd.
--So you can use shadow for the root login, and normal passwd for NIS
--user. This has the advantage that it will work with every NIS client.
--</Para>
--
--<Sect3>
--<Title>Linux</Title>
--
--<Para>
--The only Linux libc which supports shadow passwords over NIS, is the
--GNU C Library 2.x. Linux libc5 has no support for it. Linux
--libc5 compiled with NYS enabled has some code for it. But this code
--is badly broken in some cases and doesn't work with all correct
--shadow entries.
--</Para>
--
--</Sect3>
--
--<Sect3>
--<Title>Solaris</Title>
--
--<Para>
--Solaris does not support shadow passwords over NIS.
--</Para>
--
--</Sect3>
--
--<Sect3>
--<Title>PAM
--<IndexTerm><Primary
-->PAM!shadow passwords</Primary></IndexTerm>
--</Title>
--
--<Para>
--Linux-PAM 0.75 and newr does support Shadow passwords over NIS if you
--use the pam_unix.so Module or if you install the extra pam_unix2.so
--Module. Old systems using pam&lowbar;pwdb/libpwdb (for example Red Hat
--Linux 5.x)
--need to change the /etc/pam.d/* entries. All pam&lowbar;pwdb rules should
--be replaced through a pam&lowbar;unix&lowbar;* module.
--</Para>
--
--<Para>
--An example /etc/pam.d/login file looks like:
--</Para>
--
--<Para>
--
--<Screen>
--#%PAM-1.0
--auth     requisite      pam_unix2.so            nullok #set_secrpc
--auth     required       pam_securetty.so
--auth     required       pam_nologin.so
--auth     required       pam_env.so
--auth     required       pam_mail.so
--account  required       pam_unix2.so
--password required       pam_pwcheck.so          nullok
--password required       pam_unix2.so            nullok use_first_pass use_authtok
--session  required       pam_unix2.so            none # debug or trace
--session  required       pam_limits.so
--</Screen>
--
--</Para>
--
--</Sect3>
--
--</Sect2>
--
--</Sect1>
--
--<Sect1 id="nisplus">
--<Title>What do you need to set up NIS+ ?</Title>
--
--<Sect2>
--<Title>The Software
--<IndexTerm><Primary
-->NIS+!software required</Primary></IndexTerm>
--</Title>
--
--<Para>
--The Linux NIS+ client code was developed for the GNU C library 2.
--There is also a port for Linux libc5, since most commercial Applications
--where linked against this library in the past, and you cannot recompile
--them for using glibc. There are problems with libc5 and NIS+:
--static programs cannot be linked with it, and programs compiled
--with this library will not work with other libc5 versions.
--</Para>
--
--<Para>
--As base System you need a glibc based Distribution like Debian,
--Red Hat Linux or SuSE Linux. If you have a Linux Distribution, which
--does not have glibc 2.1.1 or later, you need to update to a newer
--version.
--</Para>
--
--<Para>
--The NIS+ client software can be obtained from:
--
--<Screen>
--  Site             Directory                     File Name
--
--  ftp.gnu.org     /pub/gnu/glibc                 glibc-2.2.5.tar.gz,
--                                                 glibc-linuxthreads-2.2.5.tar.gz
--  ftp.kernel.org   /pub/linux/utils/net/NIS+     nis-utils-1.4.1.tar.gz
--</Screen>
--
--</Para>
--
--<Para>
--You should also have a look at
--<ULink
--URL="http://www.linux-nis.org/nisplus/"
-->http://www.linux-nis.org/nisplus/</ULink
-->
--for more information and the latest sources.
--</Para>
--
--</Sect2>
--
--<Sect2>
--<Title>Setting up a NIS+ client
--<IndexTerm><Primary
-->NIS+!client setup</Primary></IndexTerm>
--</Title>
--
--<Para>
--IMPORTANT: For setting up a NIS+ client read your Solaris NIS+ docs
--what to do on the server side! This document only describes what to do
--on the client side!
--</Para>
--
--<Para>
--After installing the new libc and nis-tools, create the credentials for
--the new client on the NIS+ server. Make sure portmap is running. Then
--check if your Linux PC has the same time as the NIS+ Server. For secure RPC,
--you have only a small window from about 3 minutes, in which the credentials
--are valid. A good idea is to run xntpd on every host. After this, run
--</Para>
--
--<Para>
--
--<Screen>
--domainname nisplus.domain.
--nisinit -c -H &#60;NIS+ server&#62;
--</Screen>
--
--</Para>
--
--<Para>
--to initialize the cold start file. Read the nisinit man page for more
--options. Make sure that the domainname will always be set after a reboot.
--If you don't know what the NIS+ domain name is on your network, ask
--your system/network administrator.
--</Para>
--
--<Para>
--Now you should change your <filename>/etc/nsswitch.conf</filename>
--file. Make sure that the
--only service after publickey is nisplus ("publickey: nisplus"), and nothing
--else!
--</Para>
--
--<Para>
--Then start keyserv and make sure, that it will always be started
--as first daemon after portmap at boot time. Run
--
--<Screen>
--keylogin -r
--</Screen>
--
--to store the root secretkey on your system. (I hope you have added the
--publickey for the new host on the NIS+ Server?).
--</Para>
--
--<Para>
--<Command>niscat passwd.org&lowbar;dir</Command>
--should now show you all entries in the passwd database.
--</Para>
--
--</Sect2>
--
--<Sect2>
--<Title>NIS+, keylogin, login and PAM
--<IndexTerm><Primary
-->NIS+!use of PAM with</Primary></IndexTerm>
--</Title>
--
--<Para>
--When the user logs in, he need to set his secretkey to keyserv. This is done
--by calling "keylogin". The login from the shadow package will do this for the
--user, if it was compiled against glibc 2.1. For a PAM aware login, you have
--to change the /etc/pam.d/login file to
--use pam&lowbar;unix2, not pwdb, which doesn't support NIS+. An example:
--</Para>
--
--<Para>
--
--<Screen>
--#%PAM-1.0
--auth       required	/lib/security/pam_securetty.so
--auth       required	/lib/security/pam_unix2.so       set_secrpc
--auth       required	/lib/security/pam_nologin.so
--account    required	/lib/security/pam_unix2.so
--password   required	/lib/security/pam_unix2.so
--session    required	/lib/security/pam_unix2.so
--</Screen>
--
--</Para>
--
--</Sect2>
--
--<Sect2>
--<Title>The nsswitch.conf File
--<IndexTerm><Primary
-->nsswitch.conf file</Primary></IndexTerm>
--
--<IndexTerm><Primary
-->NIS+!nsswitch.conf file</Primary></IndexTerm>
--</Title>
--
--<Para>
--The Network Services switch file <filename>/etc/nsswitch.conf</filename>
--determines the order of lookups performed when a certain piece of
--information is requested, just like the
--<filename>/etc/host.conf</filename> file which determines the way
--host lookups are performed. For example, the line
--</Para>
--
--<Para>
--
--<Screen>
--    hosts: files nisplus dns
--</Screen>
--
--</Para>
--
--<Para>
--specifies that host lookup functions should first look in the local
--<filename>/etc/hosts</filename> file, followed by a NIS+ lookup and
--finally through the domain
--name service (<filename>/etc/resolv.conf</filename> and named), at
--which point if no match is found an error is returned.
--</Para>
--
--<Para>
--A good <filename>/etc/nsswitch.conf</filename> file for NIS+ is:
--
--<Screen>
--#
--# /etc/nsswitch.conf
--#
--# An example Name Service Switch config file. This file should be
--# sorted with the most-used services at the beginning.
--#
--# The entry '[NOTFOUND=return]' means that the search for an
--# entry should stop if the search in the previous entry turned
--# up nothing. Note that if the search failed due to some other reason
--# (like no NIS server responding) then the search continues with the
--# next entry.
--#
--# Legal entries are:
--#
--#	nisplus			Use NIS+ (NIS version 3)
--#	nis			Use NIS (NIS version 2), also called YP
--#	dns			Use DNS (Domain Name Service)
--#	files			Use the local files
--#	db			Use the /var/db databases
--#	[NOTFOUND=return]	Stop searching if not found so far
--#
--
--passwd:     compat
--group:      compat
--shadow:     compat
--
--passwd_compat: nisplus
--group_compat:  nisplus
--shadow_compat: nisplus
--
--hosts:      nisplus files dns
--
--services:   nisplus [NOTFOUND=return] files
--networks:   nisplus [NOTFOUND=return] files
--protocols:  nisplus [NOTFOUND=return] files
--rpc:        nisplus [NOTFOUND=return] files
--ethers:     nisplus [NOTFOUND=return] files
--netmasks:   nisplus [NOTFOUND=return] files
--netgroup:   nisplus
--bootparams: nisplus [NOTFOUND=return] files
--publickey:  nisplus
--automount:  files
--aliases:    nisplus [NOTFOUND=return] files
--</Screen>
--
-+See the ``man 5 passwd'' for further explantion and more examples.
- </Para>
- 
- </Sect2>
-@@ -1478,41 +918,6 @@
- </Para>
- 
- <Para>
--The NIS server software can be found on:
--</Para>
--
--<Para>
--
--<Screen>
--  Site               Directory                    File Name
--
--  ftp.kernel.org     /pub/linux/utils/net/NIS     ypserv-2.4.tar.gz
--  ftp.kernel.org     /pub/linux/utils/net/NIS     ypserv-2.4.tar.bz2
--</Screen>
--
--</Para>
--
--<Para>
--You could also look at
--<ULink
--URL="http://www.linux-nis.org/nis/"
-->http://www.linux-nis.org/nis/</ULink
-->
--for more information.
--</Para>
--
--<Para>
--The server setup is the same for both traditional NIS and NYS.
--</Para>
--
--<Para>
--Compile the software to generate the <Command>ypserv</Command> and
--<Command>makedbm</Command>
--programs. ypserv-2.x only supports the securenets file for access
--restrictions.
--</Para>
--
--<Para>
- If you run your server as master, determine what files you require to be
- available via NIS and then add or remove the appropriate
- entries to the "all" rule in <filename>/var/yp/Makefile</filename>.
-@@ -1521,19 +926,9 @@
- </Para>
- 
- <Para>
--There was one big change between ypserv 1.1 and ypserv 1.2. Since
--version 1.2, the file handles are cached. This means you have to
--call makedbm always with the -c option if you create new maps. Make
--sure, you are using the
--new <filename>/var/yp/Makefile</filename> from ypserv 1.2 or later,
--or add the -c flag to makedbm in the Makefile. If you don't do that,
--ypserv will continue to use the old maps, and not the updated one.
--</Para>
--
--<Para>
- Now edit <filename>/var/yp/securenets</filename> and
--<filename>/etc/ypserv.conf</filename>.
--For more information, read the ypserv(8) and ypserv.conf(5) manual pages.
-+<filename>/etc/rc.conf</filename>.
-+For more information, read the ypserv(8) manual page and /etc/rc.conf comments.
- </Para>
- 
- <Para>
-@@ -1575,7 +970,7 @@
- <Para>
- 
- <Screen>
--    % /usr/lib/yp/ypinit -m
-+    % /usr/sbin/ypinit -m
- </Screen>
- 
- </Para>
-@@ -1586,7 +981,7 @@
- must be configured as NIS client before you could run
- 
- <Screen>
--    % /usr/lib/yp/ypinit -s masterhost
-+    % /usr/sbin/ypinit -s masterhost
- </Screen>
- 
- to install the host as NIS slave.
-@@ -1612,16 +1007,16 @@
- </Para>
- 
- <Para>
--You might want to edit root's crontab *on the slave* server and add the
-+You might want to edit the system crontab (/etc/crontab) *on the slave* server and add the
- following lines:
- </Para>
- 
- <Para>
- 
- <Screen>
--      20 *    * * *    /usr/lib/yp/ypxfr_1perhour
--      40 6    * * *    /usr/lib/yp/ypxfr_1perday
--      55 6,18 * * *    /usr/lib/yp/ypxfr_2perday
-+      20 *  * * *    root   /usr/libexec/ypxfr passwd.byname
-+      21 *  * * *    root   /usr/libexec/ypxfr passwd.byuid
-+      55 19 * * *    root   /usr/libexec/ypxfr hosts.ypname
- </Screen>
- 
- This will ensure that most NIS maps are kept up-to-date, even if an
-@@ -1634,7 +1029,7 @@
- the new slave server has permissions to contact the NIS master. Then run
- 
- <Screen>
--    % /usr/lib/yp/ypinit -s masterhost
-+    % /usr/sbin/ypinit -s masterhost
- </Screen>
- 
- on the new slave. On the master server, add the new slave server name
-@@ -1646,7 +1041,7 @@
- <Para>
- If you want to restrict access for users to your NIS server, you'll have
- to setup the NIS server as a client as well by running ypbind and adding the
--plus-entries to <filename>/etc/passwd</filename> &lowbar;halfway&lowbar;
-+plus-entries to <filename>/etc/master.passwd</filename> &lowbar;halfway&lowbar;
- the password file. The library
- functions will ignore all normal entries after the first NIS entry, and
- will get the rest of the info through NIS. This way the NIS access rules
-@@ -1668,17 +1063,17 @@
-      news:*:9:9:news:/var/spool/news:
-      uucp:*:10:50:uucp:/var/spool/uucp:
-      nobody:*:65534:65534:noone at all,,,,:/dev/null:
--     +miquels::::::
--     +:*:::::/etc/NoShell
-+     +dennis:::::::::
-+     +*:::::::::/bin/false
-      [ All normal users AFTER this line! ]
-      tester:*:299:10:Just a test account:/tmp:
--     miquels:1234567890123:101:10:Miquel van Smoorenburg:/home/miquels:/bin/zsh
-+     obrien:1765:01:10::0:0:David O'Brien:/home/obrien:/bin/sh
- </Screen>
- 
- </Para>
- 
- <Para>
--Thus the user "tester" will exist, but have a shell of /etc/NoShell. miquels
-+Thus the user "tester" will exist, but have a shell of /bin/false. obrien
- will have normal access.
- </Para>
- 
-@@ -1686,7 +1081,7 @@
- Alternatively, you could edit the <filename>/var/yp/Makefile</filename> file
- and set NIS to use
- another source password file. On large systems the NIS password and group
--files are usually stored in <Literal remap="tt">/etc/yp/</Literal>. If you do this the normal
-+files are sometimes stored in <Literal remap="tt">/etc/yp/</Literal>. If you do this the normal
- tools to administrate the password file such as <Literal remap="tt">passwd</Literal>, <Literal remap="tt">chfn</Literal>,
- <Literal remap="tt">adduser</Literal> will not work anymore and you need special homemade tools
- for this.
-@@ -1699,137 +1094,6 @@
- 
- </Sect2>
- 
--<Sect2>
--<Title>The Server Program yps
--<IndexTerm><Primary
-->NIS!yps server</Primary></IndexTerm>
--
--<IndexTerm><Primary
-->yps NIS server</Primary></IndexTerm>
--</Title>
--
--<Para>
--To set up the "yps" NIS server please refer to the previous paragraph.
--The "yps" server setup is similar, &lowbar;but&lowbar; not exactly the same so
--beware if you try to apply the "ypserv" instructions to "yps"!
--"yps" is not supported by any author, and contains some security leaks.
--You really shouldn't use it !
--</Para>
--
--<Para>
--The "yps" NIS server software can be found on:
--</Para>
--
--<Para>
--
--<Screen>
--  Site                  Directory                   File Name
--
--  ftp.lysator.liu.se    /pub/NYS/servers            yps-0.21.tar.gz
--  ftp.kernel.org        /pub/linux/utils/net/NIS    yps-0.21.tar.gz
--</Screen>
--
--</Para>
--
--</Sect2>
--
--<Sect2>
--<Title>The Program rpc.ypxfrd
--<IndexTerm><Primary
-->NIS&verbar;rpc.ypxfrd daemon</Primary></IndexTerm>
--
--<IndexTerm><Primary
-->rpc.ypxfrd daemon</Primary></IndexTerm>
--</Title>
--
--<Para>
--rpc.ypxfrd is used for speed up the transfer of very large
--NIS  maps  from a NIS master to NIS slave servers. If a
--NIS slave server receives a message that there is  a  new
--map,  it  will  start  ypxfr  for transfering the new map.
--ypxfr will read the contents of  a  map  from  the  master
--server  using the yp&lowbar;all() function. This process can take
--several minutes when there are very large maps which  have
--to store by the database library.
--</Para>
--
--<Para>
--The  rpc.ypxfrd  server  speeds up the transfer process by
--allowing NIS slave  servers  to  simply  copy  the  master
--server's  map  files  rather  than building their own from
--scratch.  rpc.ypxfrd uses an RPC-based file transfer  protocol,
--so that there is no need for building a new map.
--</Para>
--
--<Para>
--rpc.ypxfrd can be started by inetd. But since it starts
--very slow, it should be started with ypserv. You need to start
--rpc.ypxfrd only on the NIS master server.
--</Para>
--
--</Sect2>
--
--<Sect2>
--<Title>The Program rpc.yppasswdd
--<IndexTerm><Primary
-->NIS!rpc.yppasswdd daemon</Primary></IndexTerm>
--
--<IndexTerm><Primary
-->rpc.yppasswdd daemon</Primary></IndexTerm>
--</Title>
--
--<Para>
--Whenever users change their passwords, the NIS password database and
--probably other NIS databases, which depend on the NIS password
--database, should be updated.  The program "rpc.yppasswdd" is a server that
--handles password changes and makes sure that the NIS information will
--be updated accordingly. rpc.yppasswdd is now integrated in ypserv. You
--don't need the older, separate yppasswd-0.9.tar.gz or yppasswd-0.10.tar.gz,
--and you shouldn't use them any longer. The rpc.yppasswdd in ypserv 1.3.2
--has full shadow support. yppasswd is now part of yp-tools-2.2.tar.gz.
--</Para>
--
--<Para>
--You need to start rpc.yppasswdd only on the NIS master server. By default,
--users are not allowed to change their full name or the login shell.
--You can allow this with the -e chfn or -e chsh option.
--</Para>
--
--<Para>
--If your passwd and shadow files are not in another directory then
--/etc, you need to add the -D option. For example, if you have put
--all source files in /etc/yp and wish to allow the user to change
--his shell, you need to start rpc.yppasswdd with the following parameters:
--</Para>
--
--<Para>
--
--<Screen>
--   rpc.yppasswdd -D /etc/yp -e chsh
--</Screen>
--
--</Para>
--
--<Para>
--or
--</Para>
--
--<Para>
--
--<Screen>
--   rpc.yppasswdd -s /etc/yp/shadow -p /etc/yp/passwd -e chsh
--</Screen>
--
--</Para>
--
--<Para>
--There is nothing more to do. You just need to make sure, that
--<Literal remap="tt">rpc.yppasswdd</Literal> uses the same files as <Literal remap="tt">/var/yp/Makefile</Literal>.
--Errors will be logged using syslog.
--</Para>
--
--</Sect2>
--
- </Sect1>
- 
- <Sect1 id="verification">
-@@ -1837,8 +1101,6 @@
- <IndexTerm><Primary
- >NIS!verification of operation</Primary></IndexTerm>
- 
--<IndexTerm><Primary
-->NYS!verification of operation</Primary></IndexTerm>
- </Title>
- 
- <Para>
-@@ -1869,9 +1131,7 @@
- 
- <Para>
- (where userid is the login name of an arbitrary user) should give you
--the user's entry in the NIS passwd file. The "ypcat" and "ypmatch"
--programs should be included with your distribution of traditional
--NIS or NYS.
-+the user's entry in the NIS passwd file.
- </Para>
- 
- <Para>
-@@ -2172,92 +1432,6 @@
- >NIS!problems with</Primary></IndexTerm>
- </Title>
- 
--<Para>
--Here are some common problems reported by various users:
--</Para>
--
--<Para>
--
--<OrderedList>
--<ListItem>
--
--<Para>
--The libraries for 4.5.19 are broken. NIS won't work with it.
--
--</Para>
--</ListItem>
--<ListItem>
--
--<Para>
--If you upgrade the libraries from 4.5.19 to 4.5.24 then the
--su command breaks. You need to get the su command from the
--slackware 1.2.0 distribution. Incidentally that's where you
--can get the updated libraries.
--
--</Para>
--</ListItem>
--<ListItem>
--
--<Para>
--When a NIS server goes down and comes up again ypbind starts
--complaining with messages like:
--
--<screen>
--    yp_match: clnt_call:
--    RPC: Unable to receive; errno = Connection refused
--</screen>
--
--and logins are refused for those who are registered in the
--NIS database. Try to login as root and kill
--ypbind and start it up again. An update to ypbind 3.3 or higher
--should also help.
--
--</Para>
--</ListItem>
--<ListItem>
--
--<Para>
--After upgrading the libc to a version greater then 5.4.20, the YP tools
--will not work any longer. You need yp-tools 1.2 or later for
--libc &#62;= 5.4.21 and glibc 2.x. For earlier libc version you need
--yp-clients 2.2. yp-tools 2.x should work for all libraries.
--
--</Para>
--</ListItem>
--<ListItem>
--
--<Para>
--In libc 5.4.21 - 5.4.35 yp&lowbar;maplist is broken, you need 5.4.36 or later,
--or some YP programs like ypwhich will segfault.
--
--</Para>
--</ListItem>
--<ListItem>
--
--<Para>
--libc 5 with traditional NIS doesn't support shadow passwords over NIS.
--You need libc5 + NYS or glibc 2.x.
--</Para>
--</ListItem>
--<ListItem>
--
--<Para>
--ypcat shadow doesn't show the shadow map. This is correct, the name of
--the shadow map is shadow.byname, not shadow.
--</Para>
--</ListItem>
--<ListItem>
--
--<Para>
--Solaris doesn't use always privileged ports. So don't use password
--mangling if you have a Solaris client.
--</Para>
--</ListItem>
--
--</OrderedList>
--
--</Para>
--
- </Sect1>
- 
- <Sect1 id="faq">
-@@ -2274,7 +1448,7 @@
- <Para>
- 
- <Screen>
--    comp.os.linux.networking
-+    hackers@FreeBSD.org
- </Screen>
- 
- </Para>
author	Kris Kennaway <kris@FreeBSD.org>	2005-02-18 23:44:49 +0000
committer	Kris Kennaway <kris@FreeBSD.org>	2005-02-18 23:44:49 +0000
commit	11ea174ccbc9cebd4134768e8fb92c6a3dc2c559 (patch)
tree	1514ed7a486e108239615c1d83319d83bacdbc3d /misc/Howto/files/patch-nis
parent	Update dependency to bash2 in preparation for removing bash1. (diff)