From 11ea174ccbc9cebd4134768e8fb92c6a3dc2c559 Mon Sep 17 00:00:00 2001 From: Kris Kennaway Date: Fri, 18 Feb 2005 23:44:49 +0000 Subject: As previously announced, remove ports that have reached their expiry date, and the handful of ports that depended on them. --- misc/Howto/files/patch-nis | 1248 -------------------------------------------- 1 file changed, 1248 deletions(-) delete mode 100644 misc/Howto/files/patch-nis (limited to 'misc/Howto/files/patch-nis') diff --git a/misc/Howto/files/patch-nis b/misc/Howto/files/patch-nis deleted file mode 100644 index 90308a40ccc0..000000000000 --- a/misc/Howto/files/patch-nis +++ /dev/null @@ -1,1248 +0,0 @@ ---- NIS-HOWTO.sgml.orig Wed Dec 25 09:56:09 2002 -+++ NIS-HOWTO.sgml Wed Dec 25 10:53:26 2002 -@@ -4,9 +4,10 @@ - - - --The Linux NIS(YP)/NYS/NIS+ HOWTO -+The FreeBSD NIS(YP)/NYS/NIS+ HOWTO - -+Linux version by - Thorsten Kukuk - -@@ -17,9 +18,8 @@ - - HOWTOs!NIS - HOWTOs!YP --HOWTOs!NYS - HOWTOs!NIS+ --This document describes how to configure Linux as NIS(YP) or NIS+ client -+This document describes how to configure FreeBSD as NIS(YP) client - and how to install as NIS server. - - -@@ -30,22 +30,21 @@ - Introduction - - --More and more, Linux machines are installed as part of a network of -+More and more, FreeBSD machines are installed as part of a network of - computers. To simplify network administration, most networks (mostly --Sun-based networks) run the Network Information Service. Linux machines -+Sun-based networks) run the Network Information Service. FreeBSD machines - can take full advantage of existing NIS service or provide NIS service --themselves. Linux machines can also act as full NIS+ clients, this --support is in beta stage. -+themselves. - - - --This document tries to answer questions about setting up NIS(YP) and NIS+ --on your Linux machine. Don't forget to read -+This document tries to answer questions about setting up NIS(YP) -+on your FreeBSD machine. Don't forget to read - . - - - --The NIS-Howto is edited and maintained by -+The Linux version of the NIS-Howto is edited and maintained by - - - -@@ -88,12 +87,7 @@ - - - --New versions of this document will also be uploaded to various --Linux WWW and FTP sites, including the LDP home page. -- -- -- --Links to translations of this document could be found at -+Links to translations of the Linux document could be found at - http://www.linux-nis.org/nis-howto/ - - --Please do not mail me questions about special problems with your Linux --Distribution! I don't know every Linux Distribution. But I will try to add --every solution you send me. -+Please do not mail Thorsten questions about special problems with FreeBSD. -+The FreeBSD changes to the Linux document were done by the FreeBSD -+Documentation Project. Please send comments to docs@freebsd.org - - - -@@ -160,10 +154,6 @@ - - - Theo de Raadt is responsible for the original yp-clients code. --Swen Thuemmler ported the yp-clients code to Linux and also ported --the yp-routines in libc (again based on Theo's work). --Thorsten Kukuk has written the NIS(YP) and NIS+ routines for --GNU libc 2.x from scratch. - - - -@@ -177,9 +167,8 @@ - Glossary of Terms - <IndexTerm><Primary>NIS!glossary</Primary></IndexTerm> - <IndexTerm><Primary>YP!glossary</Primary></IndexTerm> --<IndexTerm><Primary>NYS!glossary</Primary></IndexTerm> - <IndexTerm><Primary>NIS+!glossary</Primary></IndexTerm> --<IndexTerm><Primary>glossary!NIS/NYS/YP/NIS+</Primary></IndexTerm> -+<IndexTerm><Primary>glossary!NIS/YP/NIS+</Primary></IndexTerm> - - - -@@ -191,7 +180,7 @@ - - - --DBM -+DB - - - DataBase Management, a library of functions which -@@ -234,8 +223,7 @@ - - - Name services library, a library of name service calls --(getpwnam, getservbyname, etc...) on SVR4 Unixes. GNU libc --uses this for the NIS (YP) and NIS+ functions. -+(getpwnam, getservbyname, etc...) on SVR4 Unixes. - - - -@@ -272,21 +260,10 @@ - - - --NYS -- -- --This is the name of a project and stands for NIS+, YP and Switch --and is managed by Peter Eriksson <peter@ifm.liu.se>. It contains --among other things a complete reimplementation of the NIS (= YP) code --that uses the Name Services Switch functionality of the NYS library. -- -- -- -- - NSS - - --Name Service Switch. The /etc/nsswitch.conf file determines the order -+Name Service Switch. On Solaris, the /etc/nsswitch.conf file determines the order - of lookups performed when a certain piece of information is requested. - - -@@ -329,7 +306,6 @@ - Some General Information - <IndexTerm><Primary>NIS!general information</Primary></IndexTerm> - <IndexTerm><Primary>YP!general information</Primary></IndexTerm> --<IndexTerm><Primary>NYS!general information</Primary></IndexTerm> - <IndexTerm><Primary>NIS+!general information</Primary></IndexTerm> - - -@@ -358,7 +334,7 @@ - - - --login names/passwords/home directories (/etc/passwd) -+login names/passwords/home directories (/etc/master.passwd) - - - -@@ -454,7 +430,8 @@ - severe security needs. NIS+ is _much_ more problematic - to administer (it's pretty easy to handle on the client side, but the - server side is horrible). Another problem is that the support for NIS+ --under Linux contains a lot of bugs and that the development has stopped. -+under FreeBSD is still under developement, and is not ready for Alpha testing -+yet. - - - -@@ -560,10 +537,10 @@ - - - To run any of the software mentioned below you will need to run the --program /usr/sbin/portmap. Some Linux distributions already have --the code in the /sbin/init.d/ or /etc/rc.d/ files to start up this --daemon. All you have to do is to activate it and reboot your Linux --machine. Read your Linux Distribution Documentation how to do this. -+program /usr/sbin/portmap. -+In FreeBSD you specify your desire to run the -+Portmapper in /etc/rc.conf. -+All you have to do is to activate it and reboot your FreeBSD machine. - - - -@@ -645,15 +622,15 @@ - ypcat, yppoll, ypmatch). The most important program is ypbind. This - program must be running at all times, which means, it should always appear - in the list of processes. It is a daemon process and needs to --be started from the system's startup file (eg. /etc/init.d/nis, --/sbin/init.d/ypclient, /etc/rc.d/init.d/ypbind, /etc/rc.local). -+be started from the system's startup file (eg. /etc/rc.network). -+You specify your desire to run ypbind in /etc/rc.conf. - As soon as ypbind is running your system has become a NIS client. - - - - In the second case, if you don't have NIS servers, then you will also - need a NIS server program (usually called ypserv). --describes how to set up a NIS server on your Linux machine using the -+how to set up a NIS server on your FreeBSD machine using - ypserv - daemon. - -@@ -667,44 +644,9 @@ - - - --The system library "/usr/lib/libc.a" (version 4.4.2 and better) or the --shared library "/lib/libc.so.x" contain all necessary system calls to --succesfully compile the NIS client and server software. For the --GNU C Library 2 (glibc 2.x), you also need /lib/libnsl.so.1. -- -- -- --Some people reported that NIS only works with "/usr/lib/libc.a" version --4.5.21 and better so if you want to play it safe don't use older --libc's. The NIS client software can be obtained from: -- -- -- -- -- -- Site Directory File Name -- -- ftp.kernel.org /pub/linux/utils/net/NIS yp-tools-2.7.tar.gz -- ftp.kernel.org /pub/linux/utils/net/NIS ypbind-mt-1.12.tar.gz -- ftp.kernel.org /pub/linux/utils/net/NIS ypbind-3.3.tar.gz -- ftp.kernel.org /pub/linux/utils/net/NIS ypbind-3.3-glibc5.diff.gz -- -- -- -- -- --Once you obtained the software, please follow the instructions which --come with the software. yp-clients 2.2 are for use with libc4 and libc5 --until 5.4.20. libc 5.4.21 and glibc 2.x needs yp-tools 1.4.1 or later. --The new yp-tools 2.4 should work with every Linux libc. Since there was --a bug in the NIS code, you shouldn't use libc 5.4.21-5.4.35. Use libc --5.4.36 or later instead, or the most YP programs will not work. --ypbind 3.3 will work with all libraries, too. If you use gcc 2.8.x or --greater, egcs or glibc 2.x, you should add the ypbind-3.3-glibc5.diff --patch to ypbind 3.3. If possible you should avoid the use of ypbind 3.3 --for security reasons. --ypbind-mt is a new, multithreaded daemon. It needs a Linux 2.2 kernel --and glibc 2.1 or later. -+The system libraries "/usr/lib/libc.so.x" and "/usr/lib/libc.a" -+contain all necessary system calls to -+succesfully compile the NIS client and server software. - - - -@@ -726,31 +668,9 @@ - - - --After you have succesfully compiled the software you are now ready --to install it. A suitable place for the ypbind daemon is the directory --/usr/sbin. Some people may tell you that you don't need --ypbind on a system with NYS. This is wrong. ypwhich and ypcat need it --always. -- -- -- --You must do this as root of course. The other binaries (ypwhich, --ypcat, yppasswd, yppoll, ypmatch) should go in a directory accessible --by all users, normally /usr/bin. -- -- -- --Newer ypbind versions have a configuration file called /etc/yp.conf. You can --hardcode a NIS server there - for more info see the manual page for ypbind(8). --You also need this file for NYS. --An example: -- -- -- ypserver 10.10.0.1 -- ypserver 10.0.100.8 -- ypserver 10.3.1.1 -- -- -+The ypbind process can be forced to bind to a specific NIS server by specifing -+the server in /etc/rc.conf. -+For more info see the manual page for ypbind(8). - - - -@@ -904,14 +824,6 @@ - - - --To check if the domainname is set correct, use the --/bin/ypdomainname from --yp-tools 2.2. It uses the yp_get_default_domain() function which is more --restrict. It doesn't allow for example the "(none)" domainname, which --is the default under Linux and makes a lot of problems. -- -- -- - If the test worked you may now want to change your startupd files - so that ypbind will be started at boot time and your system will - act as a NIS client. Make sure that the domainname will -@@ -933,19 +845,15 @@ - - - For host lookups you must set (or add) "nis" to the lookup order line --in your /etc/host.conf file. Please read the --manpage "resolv+.8" for more details. -- -- -- --Add the following line to /etc/passwd --on your NIS clients: -+in your /etc/host.conf file. Please see the -+comments in /etc/host.conf for more details. - - - -+Add the following line to /etc/master.passwd using vipw on your NIS clients: - - --+:::::: -++::::::::: - - - -@@ -953,10 +861,10 @@ - - You can also use the + and - characters to include/exclude or change - users. If you want to exclude the user guest just add -guest to your --/etc/passwd file. -+/etc/master.passwd file. - You want to use a different shell (e.g. ksh) for --the user "linux"? No problem, just add "+linux::::::/bin/ksh" --(without the quotes) to your /etc/passwd. Fields -+the user "ken"? No problem, just add "+ken:::::::::/usr/local/bin/bash" -+(without the quotes) to your /etc/master.passwd. Fields - that you don't want - to change have to be left empty. You could also use Netgroups for - user control. -@@ -971,487 +879,19 @@ - - - -- +miquels::::::: -- +ed::::::: -- +dth::::::: -- +@sysadmins::::::: -- -ftp -- +:*::::::/etc/NoShell -+ +dennis::::::::: -+ +@sysadmins::::::::: -+ -ftp::::::::: -+ +@rejected-users::32767:32767::::::/bin/false - - - - - --Note that in Linux you can also override the password field, as we did -+Note that in FreeBSD you can also override the password field, as we did - in this example. We also remove the login "ftp", so it isn't known any - longer, and anonymous ftp will not work. -- -- -- --The netgroup would look like -- -- --sysadmins (-,software,) (-,kukuk,) -- -- -- -- -- --IMPORTANT: The netgroup feature is implemented starting from libc 4.5.26. --If you have a version of libc earlier than 4.5.26, every user in the --NIS password database can access your linux machine if you run "ypbind" ! -- -- -- -- -- --Setting up a NIS Client using NYS --<IndexTerm><Primary -->NYS!client setup</Primary></IndexTerm> -- -- -- --All that is required is that the NIS configuration file --(/etc/yp.conf) points to the correct server(s) for its information. --Also, the Name Services Switch configuration file (/etc/nsswitch.conf) --must be correctly set up. -- -- -- --You should install ypbind. It isn't needed by the libc, but the NIS(YP) --tools need it. -- -- -- --If you wish to use the include/exclude user feature (+/-guest/+@admins), --you have to use "passwd: compat" and "group: compat" in nsswitch.conf. --Note that there is no "shadow: compat"! You have to --use "shadow: files nis" in this case. -- -- -- --The NYS sources are part of the libc 5 sources. When run configure, --say the first time "NO" to the "Values correct" question, --then say "YES" to "Build a NYS libc from nys". -- -- -- -- -- --Setting up a NIS Client using glibc 2.x --<IndexTerm><Primary -->NIS!client setup!using glibc 2.x</Primary></IndexTerm> -- -- -- --The glibc uses "traditional NIS", so you need to start ypbind. The --Name Services Switch configuration file (/etc/nsswitch.conf) must be --correctly set up. If you use the compat mode for passwd, shadow or group, --you have to add the "+" at the end of this files and you can use --the include/exclude user feature. The configuration is excatly the same --as under Solaris 2.x. -- -- -- -- -- --The nsswitch.conf File --<IndexTerm><Primary -->nsswitch.conf file</Primary></IndexTerm> -- --<IndexTerm><Primary -->NIS!nsswitch.conf file</Primary></IndexTerm> -- -- -- --The Network Services switch file /etc/nsswitch.conf determines the --order of lookups performed when a certain piece of information is --requested, just like the /etc/host.conf file which determines the way --host lookups are performed. For example, the line -- -- -- -- -- -- hosts: files nis dns -- -- -- -- -- --specifies that host lookup functions should first look in the local --/etc/hosts file, followed by a NIS lookup and finally through the domain --name service (/etc/resolv.conf and named), at which point if no match --is found an error is returned. This file must be readable for every --user! You can find more information in the man-page nsswitch.5 --or nsswitch.conf.5. -- -- -- --A good /etc/nsswitch.conf file for NIS is: -- -- --# --# /etc/nsswitch.conf --# --# An example Name Service Switch config file. This file should be --# sorted with the most-used services at the beginning. --# --# The entry '[NOTFOUND=return]' means that the search for an --# entry should stop if the search in the previous entry turned --# up nothing. Note that if the search failed due to some other reason --# (like no NIS server responding) then the search continues with the --# next entry. --# --# Legal entries are: --# --# nisplus Use NIS+ (NIS version 3) --# nis Use NIS (NIS version 2), also called YP --# dns Use DNS (Domain Name Service) --# files Use the local files --# db Use the /var/db databases --# [NOTFOUND=return] Stop searching if not found so far --# -- --passwd: compat --group: compat --# For libc5, you must use shadow: files nis --shadow: compat -- --passwd_compat: nis --group_compat: nis --shadow_compat: nis -- --hosts: nis files dns -- --services: nis [NOTFOUND=return] files --networks: nis [NOTFOUND=return] files --protocols: nis [NOTFOUND=return] files --rpc: nis [NOTFOUND=return] files --ethers: nis [NOTFOUND=return] files --netmasks: nis [NOTFOUND=return] files --netgroup: nis --bootparams: nis [NOTFOUND=return] files --publickey: nis [NOTFOUND=return] files --automount: files --aliases: nis [NOTFOUND=return] files -- -- -- -- -- --passwd_compat, group_compat and shadow_compat are only supported by glibc 2.x. --If there are no shadow rules in /etc/nsswitch.conf, glibc will use the passwd --rule for lookups. There are some more lookup module for glibc like hesoid. --For more information, read the glibc documentation. -- -- -- -- -- --Shadow Passwords with NIS --<IndexTerm><Primary -->NIS!shadow passwords</Primary></IndexTerm> -- -- -- --Shadow passwords over NIS are always a bad idea. You loose the security, --which shadow gives you, and it is supported by only some few Linux C --Libraries. A good way to avoid shadow passwords over NIS is, --to put only the local system users in /etc/shadow. Remove the NIS user --entries from the shadow database, and put the password back in passwd. --So you can use shadow for the root login, and normal passwd for NIS --user. This has the advantage that it will work with every NIS client. -- -- -- --Linux -- -- --The only Linux libc which supports shadow passwords over NIS, is the --GNU C Library 2.x. Linux libc5 has no support for it. Linux --libc5 compiled with NYS enabled has some code for it. But this code --is badly broken in some cases and doesn't work with all correct --shadow entries. -- -- -- -- -- --Solaris -- -- --Solaris does not support shadow passwords over NIS. -- -- -- -- -- --PAM --<IndexTerm><Primary -->PAM!shadow passwords</Primary></IndexTerm> -- -- -- --Linux-PAM 0.75 and newr does support Shadow passwords over NIS if you --use the pam_unix.so Module or if you install the extra pam_unix2.so --Module. Old systems using pam_pwdb/libpwdb (for example Red Hat --Linux 5.x) --need to change the /etc/pam.d/* entries. All pam_pwdb rules should --be replaced through a pam_unix_* module. -- -- -- --An example /etc/pam.d/login file looks like: -- -- -- -- -- --#%PAM-1.0 --auth requisite pam_unix2.so nullok #set_secrpc --auth required pam_securetty.so --auth required pam_nologin.so --auth required pam_env.so --auth required pam_mail.so --account required pam_unix2.so --password required pam_pwcheck.so nullok --password required pam_unix2.so nullok use_first_pass use_authtok --session required pam_unix2.so none # debug or trace --session required pam_limits.so -- -- -- -- -- -- -- -- -- -- -- --What do you need to set up NIS+ ? -- -- --The Software --<IndexTerm><Primary -->NIS+!software required</Primary></IndexTerm> -- -- -- --The Linux NIS+ client code was developed for the GNU C library 2. --There is also a port for Linux libc5, since most commercial Applications --where linked against this library in the past, and you cannot recompile --them for using glibc. There are problems with libc5 and NIS+: --static programs cannot be linked with it, and programs compiled --with this library will not work with other libc5 versions. -- -- -- --As base System you need a glibc based Distribution like Debian, --Red Hat Linux or SuSE Linux. If you have a Linux Distribution, which --does not have glibc 2.1.1 or later, you need to update to a newer --version. -- -- -- --The NIS+ client software can be obtained from: -- -- -- Site Directory File Name -- -- ftp.gnu.org /pub/gnu/glibc glibc-2.2.5.tar.gz, -- glibc-linuxthreads-2.2.5.tar.gz -- ftp.kernel.org /pub/linux/utils/net/NIS+ nis-utils-1.4.1.tar.gz -- -- -- -- -- --You should also have a look at --http://www.linux-nis.org/nisplus/ --for more information and the latest sources. -- -- -- -- -- --Setting up a NIS+ client --<IndexTerm><Primary -->NIS+!client setup</Primary></IndexTerm> -- -- -- --IMPORTANT: For setting up a NIS+ client read your Solaris NIS+ docs --what to do on the server side! This document only describes what to do --on the client side! -- -- -- --After installing the new libc and nis-tools, create the credentials for --the new client on the NIS+ server. Make sure portmap is running. Then --check if your Linux PC has the same time as the NIS+ Server. For secure RPC, --you have only a small window from about 3 minutes, in which the credentials --are valid. A good idea is to run xntpd on every host. After this, run -- -- -- -- -- --domainname nisplus.domain. --nisinit -c -H <NIS+ server> -- -- -- -- -- --to initialize the cold start file. Read the nisinit man page for more --options. Make sure that the domainname will always be set after a reboot. --If you don't know what the NIS+ domain name is on your network, ask --your system/network administrator. -- -- -- --Now you should change your /etc/nsswitch.conf --file. Make sure that the --only service after publickey is nisplus ("publickey: nisplus"), and nothing --else! -- -- -- --Then start keyserv and make sure, that it will always be started --as first daemon after portmap at boot time. Run -- -- --keylogin -r -- -- --to store the root secretkey on your system. (I hope you have added the --publickey for the new host on the NIS+ Server?). -- -- -- --niscat passwd.org_dir --should now show you all entries in the passwd database. -- -- -- -- -- --NIS+, keylogin, login and PAM --<IndexTerm><Primary -->NIS+!use of PAM with</Primary></IndexTerm> -- -- -- --When the user logs in, he need to set his secretkey to keyserv. This is done --by calling "keylogin". The login from the shadow package will do this for the --user, if it was compiled against glibc 2.1. For a PAM aware login, you have --to change the /etc/pam.d/login file to --use pam_unix2, not pwdb, which doesn't support NIS+. An example: -- -- -- -- -- --#%PAM-1.0 --auth required /lib/security/pam_securetty.so --auth required /lib/security/pam_unix2.so set_secrpc --auth required /lib/security/pam_nologin.so --account required /lib/security/pam_unix2.so --password required /lib/security/pam_unix2.so --session required /lib/security/pam_unix2.so -- -- -- -- -- -- -- --The nsswitch.conf File --<IndexTerm><Primary -->nsswitch.conf file</Primary></IndexTerm> -- --<IndexTerm><Primary -->NIS+!nsswitch.conf file</Primary></IndexTerm> -- -- -- --The Network Services switch file /etc/nsswitch.conf --determines the order of lookups performed when a certain piece of --information is requested, just like the --/etc/host.conf file which determines the way --host lookups are performed. For example, the line -- -- -- -- -- -- hosts: files nisplus dns -- -- -- -- -- --specifies that host lookup functions should first look in the local --/etc/hosts file, followed by a NIS+ lookup and --finally through the domain --name service (/etc/resolv.conf and named), at --which point if no match is found an error is returned. -- -- -- --A good /etc/nsswitch.conf file for NIS+ is: -- -- --# --# /etc/nsswitch.conf --# --# An example Name Service Switch config file. This file should be --# sorted with the most-used services at the beginning. --# --# The entry '[NOTFOUND=return]' means that the search for an --# entry should stop if the search in the previous entry turned --# up nothing. Note that if the search failed due to some other reason --# (like no NIS server responding) then the search continues with the --# next entry. --# --# Legal entries are: --# --# nisplus Use NIS+ (NIS version 3) --# nis Use NIS (NIS version 2), also called YP --# dns Use DNS (Domain Name Service) --# files Use the local files --# db Use the /var/db databases --# [NOTFOUND=return] Stop searching if not found so far --# -- --passwd: compat --group: compat --shadow: compat -- --passwd_compat: nisplus --group_compat: nisplus --shadow_compat: nisplus -- --hosts: nisplus files dns -- --services: nisplus [NOTFOUND=return] files --networks: nisplus [NOTFOUND=return] files --protocols: nisplus [NOTFOUND=return] files --rpc: nisplus [NOTFOUND=return] files --ethers: nisplus [NOTFOUND=return] files --netmasks: nisplus [NOTFOUND=return] files --netgroup: nisplus --bootparams: nisplus [NOTFOUND=return] files --publickey: nisplus --automount: files --aliases: nisplus [NOTFOUND=return] files -- -- -+See the ``man 5 passwd'' for further explantion and more examples. - - - -@@ -1478,41 +918,6 @@ - - - --The NIS server software can be found on: -- -- -- -- -- -- Site Directory File Name -- -- ftp.kernel.org /pub/linux/utils/net/NIS ypserv-2.4.tar.gz -- ftp.kernel.org /pub/linux/utils/net/NIS ypserv-2.4.tar.bz2 -- -- -- -- -- --You could also look at --http://www.linux-nis.org/nis/ --for more information. -- -- -- --The server setup is the same for both traditional NIS and NYS. -- -- -- --Compile the software to generate the ypserv and --makedbm --programs. ypserv-2.x only supports the securenets file for access --restrictions. -- -- -- - If you run your server as master, determine what files you require to be - available via NIS and then add or remove the appropriate - entries to the "all" rule in /var/yp/Makefile. -@@ -1521,19 +926,9 @@ - - - --There was one big change between ypserv 1.1 and ypserv 1.2. Since --version 1.2, the file handles are cached. This means you have to --call makedbm always with the -c option if you create new maps. Make --sure, you are using the --new /var/yp/Makefile from ypserv 1.2 or later, --or add the -c flag to makedbm in the Makefile. If you don't do that, --ypserv will continue to use the old maps, and not the updated one. -- -- -- - Now edit /var/yp/securenets and --/etc/ypserv.conf. --For more information, read the ypserv(8) and ypserv.conf(5) manual pages. -+/etc/rc.conf. -+For more information, read the ypserv(8) manual page and /etc/rc.conf comments. - - - -@@ -1575,7 +970,7 @@ - - - -- % /usr/lib/yp/ypinit -m -+ % /usr/sbin/ypinit -m - - - -@@ -1586,7 +981,7 @@ - must be configured as NIS client before you could run - - -- % /usr/lib/yp/ypinit -s masterhost -+ % /usr/sbin/ypinit -s masterhost - - - to install the host as NIS slave. -@@ -1612,16 +1007,16 @@ - - - --You might want to edit root's crontab *on the slave* server and add the -+You might want to edit the system crontab (/etc/crontab) *on the slave* server and add the - following lines: - - - - - -- 20 * * * * /usr/lib/yp/ypxfr_1perhour -- 40 6 * * * /usr/lib/yp/ypxfr_1perday -- 55 6,18 * * * /usr/lib/yp/ypxfr_2perday -+ 20 * * * * root /usr/libexec/ypxfr passwd.byname -+ 21 * * * * root /usr/libexec/ypxfr passwd.byuid -+ 55 19 * * * root /usr/libexec/ypxfr hosts.ypname - - - This will ensure that most NIS maps are kept up-to-date, even if an -@@ -1634,7 +1029,7 @@ - the new slave server has permissions to contact the NIS master. Then run - - -- % /usr/lib/yp/ypinit -s masterhost -+ % /usr/sbin/ypinit -s masterhost - - - on the new slave. On the master server, add the new slave server name -@@ -1646,7 +1041,7 @@ - - If you want to restrict access for users to your NIS server, you'll have - to setup the NIS server as a client as well by running ypbind and adding the --plus-entries to /etc/passwd _halfway_ -+plus-entries to /etc/master.passwd _halfway_ - the password file. The library - functions will ignore all normal entries after the first NIS entry, and - will get the rest of the info through NIS. This way the NIS access rules -@@ -1668,17 +1063,17 @@ - news:*:9:9:news:/var/spool/news: - uucp:*:10:50:uucp:/var/spool/uucp: - nobody:*:65534:65534:noone at all,,,,:/dev/null: -- +miquels:::::: -- +:*:::::/etc/NoShell -+ +dennis::::::::: -+ +*:::::::::/bin/false - [ All normal users AFTER this line! ] - tester:*:299:10:Just a test account:/tmp: -- miquels:1234567890123:101:10:Miquel van Smoorenburg:/home/miquels:/bin/zsh -+ obrien:1765:01:10::0:0:David O'Brien:/home/obrien:/bin/sh - - - - - --Thus the user "tester" will exist, but have a shell of /etc/NoShell. miquels -+Thus the user "tester" will exist, but have a shell of /bin/false. obrien - will have normal access. - - -@@ -1686,7 +1081,7 @@ - Alternatively, you could edit the /var/yp/Makefile file - and set NIS to use - another source password file. On large systems the NIS password and group --files are usually stored in /etc/yp/. If you do this the normal -+files are sometimes stored in /etc/yp/. If you do this the normal - tools to administrate the password file such as passwd, chfn, - adduser will not work anymore and you need special homemade tools - for this. -@@ -1699,137 +1094,6 @@ - - - -- --The Server Program yps --<IndexTerm><Primary -->NIS!yps server</Primary></IndexTerm> -- --<IndexTerm><Primary -->yps NIS server</Primary></IndexTerm> -- -- -- --To set up the "yps" NIS server please refer to the previous paragraph. --The "yps" server setup is similar, _but_ not exactly the same so --beware if you try to apply the "ypserv" instructions to "yps"! --"yps" is not supported by any author, and contains some security leaks. --You really shouldn't use it ! -- -- -- --The "yps" NIS server software can be found on: -- -- -- -- -- -- Site Directory File Name -- -- ftp.lysator.liu.se /pub/NYS/servers yps-0.21.tar.gz -- ftp.kernel.org /pub/linux/utils/net/NIS yps-0.21.tar.gz -- -- -- -- -- -- -- --The Program rpc.ypxfrd --<IndexTerm><Primary -->NIS|rpc.ypxfrd daemon</Primary></IndexTerm> -- --<IndexTerm><Primary -->rpc.ypxfrd daemon</Primary></IndexTerm> -- -- -- --rpc.ypxfrd is used for speed up the transfer of very large --NIS maps from a NIS master to NIS slave servers. If a --NIS slave server receives a message that there is a new --map, it will start ypxfr for transfering the new map. --ypxfr will read the contents of a map from the master --server using the yp_all() function. This process can take --several minutes when there are very large maps which have --to store by the database library. -- -- -- --The rpc.ypxfrd server speeds up the transfer process by --allowing NIS slave servers to simply copy the master --server's map files rather than building their own from --scratch. rpc.ypxfrd uses an RPC-based file transfer protocol, --so that there is no need for building a new map. -- -- -- --rpc.ypxfrd can be started by inetd. But since it starts --very slow, it should be started with ypserv. You need to start --rpc.ypxfrd only on the NIS master server. -- -- -- -- -- --The Program rpc.yppasswdd --<IndexTerm><Primary -->NIS!rpc.yppasswdd daemon</Primary></IndexTerm> -- --<IndexTerm><Primary -->rpc.yppasswdd daemon</Primary></IndexTerm> -- -- -- --Whenever users change their passwords, the NIS password database and --probably other NIS databases, which depend on the NIS password --database, should be updated. The program "rpc.yppasswdd" is a server that --handles password changes and makes sure that the NIS information will --be updated accordingly. rpc.yppasswdd is now integrated in ypserv. You --don't need the older, separate yppasswd-0.9.tar.gz or yppasswd-0.10.tar.gz, --and you shouldn't use them any longer. The rpc.yppasswdd in ypserv 1.3.2 --has full shadow support. yppasswd is now part of yp-tools-2.2.tar.gz. -- -- -- --You need to start rpc.yppasswdd only on the NIS master server. By default, --users are not allowed to change their full name or the login shell. --You can allow this with the -e chfn or -e chsh option. -- -- -- --If your passwd and shadow files are not in another directory then --/etc, you need to add the -D option. For example, if you have put --all source files in /etc/yp and wish to allow the user to change --his shell, you need to start rpc.yppasswdd with the following parameters: -- -- -- -- -- -- rpc.yppasswdd -D /etc/yp -e chsh -- -- -- -- -- --or -- -- -- -- -- -- rpc.yppasswdd -s /etc/yp/shadow -p /etc/yp/passwd -e chsh -- -- -- -- -- --There is nothing more to do. You just need to make sure, that --rpc.yppasswdd uses the same files as /var/yp/Makefile. --Errors will be logged using syslog. -- -- -- -- - - - -@@ -1837,8 +1101,6 @@ - NIS!verification of operation - --NYS!verification of operation - - - -@@ -1869,9 +1131,7 @@ - - - (where userid is the login name of an arbitrary user) should give you --the user's entry in the NIS passwd file. The "ypcat" and "ypmatch" --programs should be included with your distribution of traditional --NIS or NYS. -+the user's entry in the NIS passwd file. - - - -@@ -2172,92 +1432,6 @@ - >NIS!problems with - - -- --Here are some common problems reported by various users: -- -- -- -- -- -- -- -- --The libraries for 4.5.19 are broken. NIS won't work with it. -- -- -- -- -- -- --If you upgrade the libraries from 4.5.19 to 4.5.24 then the --su command breaks. You need to get the su command from the --slackware 1.2.0 distribution. Incidentally that's where you --can get the updated libraries. -- -- -- -- -- -- --When a NIS server goes down and comes up again ypbind starts --complaining with messages like: -- -- -- yp_match: clnt_call: -- RPC: Unable to receive; errno = Connection refused -- -- --and logins are refused for those who are registered in the --NIS database. Try to login as root and kill --ypbind and start it up again. An update to ypbind 3.3 or higher --should also help. -- -- -- -- -- -- --After upgrading the libc to a version greater then 5.4.20, the YP tools --will not work any longer. You need yp-tools 1.2 or later for --libc >= 5.4.21 and glibc 2.x. For earlier libc version you need --yp-clients 2.2. yp-tools 2.x should work for all libraries. -- -- -- -- -- -- --In libc 5.4.21 - 5.4.35 yp_maplist is broken, you need 5.4.36 or later, --or some YP programs like ypwhich will segfault. -- -- -- -- -- -- --libc 5 with traditional NIS doesn't support shadow passwords over NIS. --You need libc5 + NYS or glibc 2.x. -- -- -- -- -- --ypcat shadow doesn't show the shadow map. This is correct, the name of --the shadow map is shadow.byname, not shadow. -- -- -- -- -- --Solaris doesn't use always privileged ports. So don't use password --mangling if you have a Solaris client. -- -- -- -- -- -- -- - - - -@@ -2274,7 +1448,7 @@ - - - -- comp.os.linux.networking -+ hackers@FreeBSD.org - - - -- cgit v1.2.3