<!DOCTYPE Article PUBLIC "-//OASIS//DTD DocBook V3.1//EN">
<Article>
<ArtHeader>
<Title>The Linux NIS(YP)/NYS/NIS+ HOWTO</Title>
<authorgroup>
<AUTHOR>
<FirstName>Thorsten</FirstName>
<SurName>Kukuk</SurName
</AUTHOR>
<othercredit role="ja-translator">
<othername>ÃæÌîÉðͺ</othername>
<contrib>(ÆüËܸìÌõ)</contrib>
</othercredit>
</authorgroup>
<PubDate>v1.1.1, 18 November 2000</PubDate>
<Abstract>
<Para>
<IndexTerm><Primary>HOWTOs!NIS</Primary></IndexTerm>
<IndexTerm><Primary>HOWTOs!YP</Primary></IndexTerm>
<IndexTerm><Primary>HOWTOs!NYS</Primary></IndexTerm>
<IndexTerm><Primary>HOWTOs!NIS+</Primary></IndexTerm>
<!--O
This document describes how to configure Linux as NIS(YP) or NIS+ client
and how to install as NIS server.
-->
¤³¤Îʸ½ñ¤Ç¤Ï Linux ¤ò NIS(YP) ¤Þ¤¿¤Ï NIS+ ¤Î¥¯¥é¥¤¥¢¥ó¥È¤ËÀßÄꤹ¤ëÊýË¡¡¢
¤ª¤è¤Ó NIS ¥µ¡¼¥Ð¤ò¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ëÊýË¡¤Ë¤Ä¤¤¤Æ½Ò¤Ù¤Þ¤¹¡£
</Para>
</Abstract>
</ArtHeader>
<Sect1 id="intro">
<!--O
<Title>Introduction</Title>
-->
<Title>¤Ï¤¸¤á¤Ë</Title>
<Para>
<!--O
More and more, Linux machines are installed as part of a network of
computers. To simplify network administration, most networks (mostly
Sun-based networks) run the Network Information Service. Linux machines
can take full advantage of existing NIS service or provide NIS service
themselves. Linux machines can also act as full NIS+ clients, this
support is in beta stage.
-->
Linux ¥Þ¥·¥ó¤Ï¤É¤ó¤É¤ó¥Í¥Ã¥È¥ï¡¼¥¯¤ËÀܳ¤µ¤ì¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤Þ¤·¤¿¡£
¤Þ¤¿¥Í¥Ã¥È¥ï¡¼¥¯´ÉÍý¤Î´Êά²½¤Î¤¿¤á¤Ë¡¢¤Û¤È¤ó¤É¤Î¥Í¥Ã¥È¥ï¡¼¥¯
(ÆÃ¤Ë Sun ¤¬¥Ù¡¼¥¹¤Ë¤Ê¤Ã¤Æ¤¤¤ë¥Í¥Ã¥È¥ï¡¼¥¯) ¤Ç¤Ï NIS ¤¬Æ°¤¤¤Æ¤¤¤Þ¤¹¡£
Linux ¥Þ¥·¥ó¤Ç¤Ï¡¢¤³¤ì¤é¤Î NIS ¥µ¡¼¥Ó¥¹¤ò;¤¹¤È¤³¤í¤Ê¤¯¼õ¤±¤¿¤ê¡¢
¤Þ¤¿Ä󶡤·¤¿¤ê¤¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
¤Þ¤¿ Linux ¥Þ¥·¥ó¤Ï¡¢´°Á´¤Ëµ¡Ç½¤¹¤ë
NIS+ ¥¯¥é¥¤¥¢¥ó¥È¤È¤·¤ÆÆ°ºî¤µ¤»¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£
¤¿¤À¤·¤³¤Á¤é¤Ï¤Þ¤À¥Ù¡¼¥¿¤ÎÃʳ¬¤Ç¤¹¡£
</Para>
<Para>
<!--O
This document tries to answer questions about setting up NIS(YP) and NIS+
on your Linux machine. Don't forget to read
<XRef LinkEnd="portmapper">.
</Para>
-->
¤³¤Îʸ½ñ¤Ï Linux ¥Þ¥·¥ó¤Ë NIS(YP) ¤È
NIS+ ¤ò¥»¥Ã¥È¥¢¥Ã¥×¤¹¤ëÊýË¡¤Ë¤Ä¤¤¤Æµ½Ò¤·¤¿¤â¤Î¤Ç¤¹¡£
¤¤¤º¤ì¤òºÎÍѤ¹¤ë¤Ë¤·¤Æ¤â
<XRef LinkEnd="portmapper">
¤Ïɬ¤ºÆɤó¤Ç²¼¤µ¤¤¡£
</Para>
<Para>
<!--O
The NIS-Howto is edited and maintained by
-->
NIS-HOWTO ¤Ï
<author>
<firstname>Thorsten</firstname>
<surname>Kukuk</surname>
</author>
<email>kukuk@suse.de</email>
¤Ë¤è¤Ã¤ÆÊÔ½¸¡¦´ÉÍý¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
</Para>
<Para>
<!--O
The primary source of the information for the initial NIS-Howto was from:
-->
°ÊÁ°¤Î NIS-HOWTO ¤Ï¡¢°Ê²¼¤Î¿Í¡¹¤Ë¤è¤Ã¤Æ¼¹É®¤µ¤ì¤Þ¤·¤¿¡£Èà¤é¤Ë´¶¼Õ¤·¤Þ¤¹¡£
</Para>
<InformalTable frame=none>
<tgroup cols=2>
<tbody>
<row><entry>Andrea Dell'Amico</entry><entry><adellam@ZIA.ms.it></entry></row>
<row><entry>Mitchum DSouza</entry><entry><Mitch.DSouza@NetComm.IE></entry></row>
<row><entry>Erwin Embsen</entry><entry><erwin@nioz.nl></entry></row>
<row><entry>Peter Eriksson</entry><entry><peter@ifm.liu.se></entry></row>
</tbody>
</tgroup>
</InformalTable>
<!--O
<Para>
who we should thank for writing the first versions of this document.
</Para>
-->
<Para>
ÌõÃí¡§ v0.2 ¤ÎÆüËܸìÌõ¤Ïº¬´ßÎÉÀ¬¤µ¤ó¤Ë¤è¤Ã¤Æ¸ø³«¤µ¤ì¤Þ¤·¤¿¡£
0.6 ¤Ø¤ÎÄÉ¿ï¤È°Ê¹ß¤Î´ÉÍý¤ÏÃæÌîÉðͺ¤¬¹Ô¤Ã¤Æ¤¤¤Þ¤¹¡£
</Para>
<Sect2>
<!--O
<Title>New Versions of this Document</Title>
-->
<Title>¤³¤Îʸ½ñ¤ÎºÇ¿·ÈÇ</Title>
<Para>
<!--O
You can always view the latest version of this document on the
World Wide Web via the
URL <ULink
URL="http://www.suse.de/~kukuk/nis-howto/HOWTO/NIS-HOWTO.html"
>http://www.suse.de/~kukuk/nis-howto/HOWTO/NIS-HOWTO.html</ULink
>.
-->
¤³¤Îʸ½ñ¤ÎºÇ¿·ÈǤϤ¤¤Ä¤Ç¤â WWW ¤Ç±ÜÍ÷¤¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£ URL ¤Ï
<ULink URL="http://www.suse.de/~kukuk/nis-howto/HOWTO/NIS-HOWTO.html"
>http://www.suse.de/~kukuk/nis-howto/HOWTO/NIS-HOWTO.html</ULink>
¤Ç¤¹¡£
</Para>
<Para>
<!--O
New versions of this document will also be uploaded to various
Linux WWW and FTP sites, including the LDP home page.
-->
¤³¤Î¥É¥¥å¥á¥ó¥È¤ÎºÇ¿·ÈǤϡ¢
Linux ´ØÏ¢¤Î WWW ¥µ¥¤¥È¤ä FTP ¥µ¥¤¥È¤Ë¤âÅÐÏ¿¤µ¤ì¤Þ¤¹¡£
¤â¤Á¤í¤ó LDP ¤Î¥Û¡¼¥à¥Ú¡¼¥¸¤Ë¤â¤¢¤ê¤Þ¤¹¡£
</Para>
<Para>
<!--O
Links to translations of this document could be found at
<ULink
URL="http://www.suse.de/~kukuk/nis-howto/"
>http://www.suse.de/~kukuk/nis-howto/</ULink
>.
-->
ËÝÌõʸ½ñ¤Ø¤Î¥ê¥ó¥¯¤Ï
<ULink URL="http://www.suse.de/~kukuk/nis-howto/"
>http://www.suse.de/~kukuk/nis-howto/</ULink>
¤Ë½¸¤á¤é¤ì¤Æ¤¤¤Þ¤¹¡£
</Para>
<Para>
ÌõÃí¡§
ÆüËܸìÈǤÎʸ½ñ¤ÎºÇ¿·ÈǤÏ
<ULink URL="http://www.linux.or.jp/JF/JFdocs/NIS-HOWTO/"
>JF Project ¤Î¥Ú¡¼¥¸</ULink>
¤ËÃÖ¤«¤ì¤Þ¤¹¡£
</Para>
</Sect2>
<Sect2>
<!--O
<Title>Disclaimer</Title>
-->
<Title>ÌÈÀÕ</Title>
<Para>
<!--O
Although this document has been put together to the best of my
knowledge it may, and probably does contain errors. Please read any
README files that are bundled with any of the various pieces of
software described in this document for more detailed and accurate
information. I will attempt to keep this document as error free as
possible.
-->
¤³¤Îʸ¾Ï¤Ï»ä¤ÎÃ챤òºÇÂç¸Â½¸¤á¤Æ½ñ¤¤¤¿¤Ä¤â¤ê¤Ç¤¹¤¬¡¢
Àµ³Î¤Ç¤Ê¤¤Éôʬ¤â¤¢¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
¤³¤Îʸ½ñ¤Ç¾Ò²ð¤·¤Æ¤¤¤ë¥×¥í¥°¥é¥à¤Ë¤Ä¤¤¤Æ¤Ï¡¢
¤½¤ì¤¾¤ì¤ËÉÕ°¤·¤Æ¤¤¤ë README ¥Õ¥¡¥¤¥ë¤òɬ¤ºÆɤó¤Ç²¼¤µ¤¤¡£
¤½¤ì¤é¤Ë¤Ï¤è¤ê¾Ü¤·¤¤ÀâÌÀ¤ä¤è¤êÀµ³Î¤Ê¾ðÊ󤬽ñ¤«¤ì¤Æ¤¤¤ë¤Ï¤º¤Ç¤¹¤Î¤Ç¡£
¤â¤Á¤í¤ó¤³¤Î¥É¥¥å¥á¥ó¥È¤â
¤Ç¤¤ë¤À¤±´Ö°ã¤¤¤Î¤Ê¤¤¤â¤Î¤Ë¤·¤Æ¤¤¤¤¿¤¤¤È¹Í¤¨¤Æ¤¤¤Þ¤¹¡£
</Para>
</Sect2>
<Sect2>
<!--O
<Title>Feedback and Corrections</Title>
-->
<Title>¥Õ¥£¡¼¥É¥Ð¥Ã¥¯¤Èº£¸å¤Î²þÈÇ</Title>
<Para>
<!--O
If you have questions or comments about this document, please feel
free to mail Thorsten Kukuk, at <ULink
URL="mailto:kukuk@suse.de"
>kukuk@suse.de</ULink
>. I welcome any
suggestions or criticisms. If you find a mistake with this
document, please let me know so I can correct it in the next
version. Thanks.
-->
¤³¤Îʸ½ñ¤Ë´Ø¤¹¤ë¼ÁÌä¤ä¥³¥á¥ó¥È¤¬¤¢¤ê¤Þ¤·¤¿¤é¡¢¤ªµ¤·Ú¤Ë Thorsten Kukuk
¤Þ¤Ç¥á¡¼¥ë¤ò²¼¤µ¤¤¡£¥¢¥É¥ì¥¹¤Ï
<email>kukuk@suse.de</email>
¤Ç¤¹¡£Äó°Æ¤äÈãȽ¤â´¿·Þ¤·¤Þ¤¹¡£
¤³¤Îʸ½ñ¤Ë¸í¤ê¤ò¸«¤Ä¤±¤¿¤é¡¢»ä¤ËÏ¢Íí¤·¤Æ²¼¤µ¤ì¤Ð¼¡¤ÎÈǤÇÄûÀµ¤·¤Þ¤¹¡£
¤è¤í¤·¤¯¤ª´ê¤¤¤·¤Þ¤¹¡£
</Para>
<Para>
ÌõÃí¡§ËÝÌõ¤ËÂФ¹¤ë¥³¥á¥ó¥È¤ÏÃæÌîÉðͺ
<email>nakano@apm.seikei.ac.jp</email>
¤Þ¤Ç¤ª´ê¤¤¤·¤Þ¤¹¡£
</Para>
<Para>
<!--O
Please do <Emphasis>not</Emphasis> mail me questions about special problems with your Linux
Distribution! I don't know every Linux Distribution. But I will try to add
every solution you send me.
-->
¤Ê¤ª¡¢¤¢¤Ê¤¿¤Î Linux ÇÛÉۥѥ屡¼¥¸¤ËÆÃͤÎÌäÂê¤Ë´Ø¤·¤Æ¤Ï
»ä¤Ë¥á¡¼¥ë¤òÁ÷¤é¤Ê¤¤¤Ç²¼¤µ¤¤¡ª
»ä¤Ï¤¹¤Ù¤Æ¤ÎÇÛÉۥѥ屡¼¥¸¤òÃΤäƤ¤¤ëÌõ¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
¤¿¤À¡¢¤â¤·²ò·èË¡¤âÁ÷¤Ã¤Æ¤¤¤¿¤À¤±¤ì¤Ð¡¢Ê¸½ñ¤ËÄɲä·¤¿¤¤¤È¤Ï»×¤Ã¤Æ¤¤¤Þ¤¹¡£
</Para>
</Sect2>
<Sect2>
<!--O
<Title>Acknowledgements</Title>
-->
<Title>¼Õ¼</Title>
<Para>
<!--O
We would like to thank all the people who have contributed (directly
or indirectly) to this document. In alphabetical order:
-->
¤³¤Î¥É¥¥å¥á¥ó¥È¤òºîÀ®¤¹¤ë¤Ë¤¢¤¿¤Ã¤Æ¡¢Ä¾ÀÜŪ¤¢¤ë¤¤¤Ï´ÖÀÜŪ¤Ë¤ªÀ¤Ïäˤʤê
¤Þ¤·¤¿°Ê²¼¤ÎÊý¡¹¤Ë´¶¼Õ¤·¤Þ¤¹¡£¥¢¥ë¥Õ¥¡¥Ù¥Ã¥È½ç¤Ë¡§
</Para>
<InformalTable frame=none>
<tgroup cols=2>
<tbody>
<row><entry>Byron A Jeff</entry><entry><byron@cc.gatech.edu></entry></row>
<row><entry>Markus Rex</entry><entry><msrex@suse.de></entry></row>
<row><entry>Miquel van Smoorenburg</entry><entry><miquels@cistron.nl></entry></row>
<row><entry>Dan York</entry><entry><dyork@lodestar2.com></entry></row>
</tbody>
</tgroup>
</InformalTable>
<Para>
<!--O
Theo de Raadt is responsible for the original yp-clients code.
Swen Thuemmler ported the yp-clients code to Linux and also ported
the yp-routines in libc (again based on Theo's work).
Thorsten Kukuk has written the NIS(YP) and NIS+ routines for
GNU libc 2.x from scratch.
-->
<application>yp-clients</application>
¤Î¥ª¥ê¥¸¥Ê¥ë¥³¡¼¥É¤Ï
<author>
<firstname>Theo</firstname>
<surname>de Raadt</surname>
</author>
¤Ë¤è¤Ã¤ÆºîÀ®¤µ¤ì¤Þ¤·¤¿¡£
<author>
<firstname>Swen</firstname>
<surname>Thuemmler</surname>
</author>
¤¬
<application>yp-clients</application>
¤Î¥³¡¼¥É¤ò Linux ¤Ë°Ü¿¢¤·¡¢
yp ´ØÏ¢¤Î¥ë¡¼¥Á¥ó (¤³¤ì¤â Theo ¤Î»Å»ö) ¤ò libc ¤Ë°Ü¿¢¤·¤Þ¤·¤¿¡£
<author>
<firstname>Thorsten</firstname>
<surname>Kukuk</surname>
</author>
¤Ï GNU libc 2.x ¸þ¤±¤Î NIS(YP) ¤È
NIS+ ¤Î¥ë¡¼¥Á¥ó¤ò¥¹¥¯¥é¥Ã¥Á¤«¤é½ñ¤¤Þ¤·¤¿¡£
</Para>
<Para>
ÌõÃí¡§ÆüËܸìÌõ¤Ë¤¢¤¿¤Ã¤Æ¤Ï¡¢¾ÜºÙ¤Ê¹»Àµ¤ò¤·¤Æ²¼¤µ¤Ã¤¿
¾¾Ëܾ±»Ê¤µ¤ó¡¦Éð°æ¿¸÷¤µ¤ó¤ò¤Ï¤¸¤á¡¢
JF ¥á¡¼¥ê¥ó¥°¥ê¥¹¥È¤Î³§¤µ¤ó¤Ë¤ªÀ¤Ïäˤʤê¤Þ¤·¤¿¡£
</Para>
</Sect2>
</Sect1>
<Sect1 id="glossary">
<!--O
<Title>Glossary and General Information</Title>
-->
<Title>ÍѸ콸¤È°ìÈÌŪ¤Ê¾ðÊó</Title>
<Sect2>
<!--O
<Title>Glossary of Terms
-->
<Title>ÍѸ콸
<IndexTerm><Primary>NIS!glossary</Primary></IndexTerm>
<IndexTerm><Primary>YP!glossary</Primary></IndexTerm>
<IndexTerm><Primary>NYS!glossary</Primary></IndexTerm>
<IndexTerm><Primary>NIS+!glossary</Primary></IndexTerm>
<IndexTerm><Primary>glossary!NIS/NYS/YP/NIS+</Primary></IndexTerm>
</Title>
<Para>
<!--O
In this document a lot of acronyms are used. Here are the most
important acronyms and a brief explanation:
-->
¤³¤Î¥É¥¥å¥á¥ó¥ÈÃæ¤Ç¤Ï¿¤¯¤Î¾Êά¸ì¤¬»È¤ï¤ì¤Æ¤¤¤Þ¤¹¡£
°Ê²¼¤Ë½ÅÍפʤâ¤Î¤ÎÀâÌÀ¤ò´Êñ¤Ëµó¤²¤Æ¤ª¤¤Þ¤¹¡£
</Para>
<Para>
<VariableList>
<VarListEntry>
<Term>DBM</Term>
<ListItem>
<Para>
<!--O
DataBase Management, a library of functions which
maintain key-content pairs in a data base.
-->
¥Ç¡¼¥¿¥Ù¡¼¥¹¥Þ¥Í¥¸¥á¥ó¥È (DataBase Management)¡£
¸¡º÷¥¡¼¤È¥Ç¡¼¥¿¤È¤Î¥Ú¥¢¤ò´ÉÍý¤¹¤ë¥Ç¡¼¥¿¥Ù¡¼¥¹µ¡Ç½¤ò
»ý¤Ã¤¿¥é¥¤¥Ö¥é¥ê¤Î¤³¤È¡£
</Para>
</ListItem>
</VarListEntry>
<VarListEntry>
<Term>DLL</Term>
<ListItem>
<Para>
<!--O
Dynamically Linked Library, a library linked to an
executable program at run-time.
-->
ưŪ¥ê¥ó¥¯¥é¥¤¥Ö¥ê (Dynamically Linked Library)¡£
¥×¥í¥°¥é¥à¤Î¼Â¹Ô»þ¤Ë¥ê¥ó¥¯¤µ¤ì¤ë¥é¥¤¥Ö¥é¥ê¤Î¤³¤È¡£
</Para>
</ListItem>
</VarListEntry>
<VarListEntry>
<Term>domainname</Term>
<ListItem>
<Para>
<!--O
A name "key" that is used by NIS clients to be
able to locate a suitable NIS server that serves that
domainname key. Please note that this does not necessarily
have anything at all to do with the DNS "domain"
(machine name) of the machine(s).
-->
NIS ¥µ¡¼¥Ð¤¬È¯¹Ô¤¹¤ë¥¡¼¥ï¡¼¥É¡£
NIS ¥¯¥é¥¤¥¢¥ó¥È¦¤¬»ÈÍѤ¹¤ë NIS ¥µ¡¼¥Ð¤òÆÃÄꤹ¤ë¤Î¤ËÍѤ¤¤é¤ì¤ë¡£
¤³¤Î domainname ¤Ï DNS ¤Î "domain" ¤È
Ʊ¤¸¤â¤Î¤Ë¤¹¤ëɬÍפϤʤ¯¡¢¤à¤·¤íÊ̤ˤ¹¤Ù¤¤Ç¤¢¤ë¡£
</Para>
</ListItem>
</VarListEntry>
<VarListEntry>
<Term>FTP</Term>
<ListItem>
<Para>
<!--O
File Transfer Protocol, a protocol used to transfer
files between two computers.
-->
¥Õ¥¡¥¤¥ëžÁ÷¥×¥í¥È¥³¥ë (File Transfer Protocol)¡£
¥³¥ó¥Ô¥å¡¼¥¿´Ö¤Ç¥Õ¥¡¥¤¥ë¤òžÁ÷¤¹¤ë»þ¤ËÍѤ¤¤é¤ì¤ë¥×¥í¥È¥³¥ë¤Î°ì¤Ä¡£
</Para>
</ListItem>
</VarListEntry>
<VarListEntry>
<Term>libnsl</Term>
<ListItem>
<Para>
<!--O
Name services library, a library of name service calls
(getpwnam, getservbyname, etc...) on SVR4 Unixes. GNU libc
uses this for the NIS (YP) and NIS+ functions.
-->
¥Í¡¼¥à¥µ¡¼¥Ó¥¹¥é¥¤¥Ö¥é¥ê (Name services libraly)¡£
SVR4 Unix ¤Ë¤ª¤±¤ë¥Í¡¼¥à¥µ¡¼¥Ó¥¹´ØÏ¢¤ÎÌ¿Îá
(getpwnam, getservbyname ¤Ê¤É) ¤Î¥é¥¤¥Ö¥é¥ê¡£
GNU libc ¤Ç¤Ï NIS (YP) ¤ª¤è¤Ó NIS+ µ¡Ç½¤Ë¤³¤Î¥é¥¤¥Ö¥é¥ê¤òÍѤ¤¤ë¡£
</Para>
</ListItem>
</VarListEntry>
<VarListEntry>
<Term>libsocket</Term>
<ListItem>
<Para>
<!--O
Socket services library, a library for the socket
service calls (socket, bind, listen, etc...) on SVR4 Unixes.
¥½¥±¥Ã¥È¥µ¡¼¥Ó¥¹¥é¥¤¥Ö¥é¥ê (Socket services library)¡£
-->
SVR4 Unix ¤Ç¡¢
¥½¥±¥Ã¥È´Ø·¸¤Î¥·¥¹¥Æ¥à¥³¡¼¥ë (socket, bind, listen ¤Ê¤É)
¤òÄ󶡤¹¤ë¥é¥¤¥Ö¥é¥ê¡£
</Para>
</ListItem>
</VarListEntry>
<VarListEntry>
<Term>NIS</Term>
<ListItem>
<Para>
<!--O
Network Information Service, a service that provides
information, that has to be known throughout the network,
to all machines on the network. There is support for NIS
in Linux's standard libc library, which in the following text
is referred to as "traditional NIS".
-->
¥Í¥Ã¥È¥ï¡¼¥¯¾ðÊ󥵡¼¥Ó¥¹ (Network Information Service)¡£
¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Î¤¹¤Ù¤Æ¤Î·×»»µ¡¤ÇɬÍפʾðÊó¤ò¶¦Í¤¹¤ë¥µ¡¼¥Ó¥¹¤Î¤³¤È¡£
Linux ¤Îɸ½à libc ¥é¥¤¥Ö¥é¥ê¤Ë¤Ï NIS ¤Î¥µ¥Ý¡¼¥È¤¬´Þ¤Þ¤ì¤Æ¤ª¤ê¡¢
¤³¤ì¤ò¤³¤Îʸ½ñ¤Ç¤Ï "trad-NIS" ¤Èµ¤¹¡£
</Para>
<Para>
(ÌõÃí¡§¸¶Ê¸¤Ç¤Ï "traditional NIS" ¤Ç¤·¤¿¤¬¡¢Ä¹¤¤¤Î¤ÇÌõ¼Ô¤¬
¾¡¼ê¤Ë¤¸ì¤·¤Þ¤·¤¿)
</Para>
</ListItem>
</VarListEntry>
<VarListEntry>
<Term>NIS+</Term>
<ListItem>
<Para>
<!--O
Network Information Service (Plus :-), essentially NIS on
steroids. NIS+ is designed by Sun Microsystems Inc. as a
replacement for NIS with better security and better handling
of _large_ installations.
-->
Network Information Service (Plus)¡£
´ðËÜŪ¤Ë¤Ï NIS ¤òµ¡Ç½¥¢¥Ã¥×¤·¤¿¤â¤Î¡£
NIS+ ¤Ï Sun Microsystems Inc. ¤Ë¤è¤Ã¤ÆÀ߷פµ¤ì¡¢
NIS ¤ò¸å·Ñ¤¹¤ë¤â¤Î¤È¤µ¤ì¤Æ¤¤¤ë¡£
¥»¥¥å¥ê¥Æ¥£¤¬¶¯²½¤µ¤ì¡¢
<emphasis>Â礤Ê</emphasis>¥·¥¹¥Æ¥à¤ËƳÆþ¤¹¤ë¤Î¤¬ÍưפˤʤäƤ¤¤ë¡£
</Para>
</ListItem>
</VarListEntry>
<VarListEntry>
<Term>NYS</Term>
<ListItem>
<Para>
<!--O
This is the name of a project and stands for NIS+, YP and Switch
and is managed by Peter Eriksson <peter@ifm.liu.se>. It contains
among other things a complete reimplementation of the NIS (= YP) code
that uses the Name Services Switch functionality of the NYS library.
-->
NYS ¤Ï¡ÖNIS+, YP, Switch¡×¤òɽ¤¹¥×¥í¥¸¥§¥¯¥È̾¤Ç¤¢¤ë¡£
<author>
<firstname>Peter</firstname>
<surname>Eriksson</surname>
</author>
<email>pen@signum.se</email> ¤¬´ÉÍý¤·¤Æ¤¤¤ë¡£
¤³¤Î¥×¥í¥¸¥§¥¯¥È¤Ç¤Ï
NIS(=YP) ¤Î¥³¡¼¥É¤ò 0 ¤«¤éºÆ¼ÂÁõ¤·¤Æ¤ª¤ê¡¢
NYS ¥é¥¤¥Ö¥é¥ê¤Î¥Í¡¼¥à¥µ¡¼¥Ó¥¹¥¹¥¤¥Ã¥Áµ¡Ç½¤òÍøÍѤ¹¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤ë¡£
</Para>
</ListItem>
</VarListEntry>
<VarListEntry>
<Term>NSS</Term>
<ListItem>
<Para>
<!--O
Name Service Switch. The /etc/nsswitch.conf file determines the order
of lookups performed when a certain piece of information is requested.
-->
¥Í¡¼¥à¥µ¡¼¥Ó¥¹¥¹¥¤¥Ã¥Á (Name Service Switch)¡£
<filename>/etc/nsswitch.conf</filename>
¥Õ¥¡¥¤¥ë¤Ë¤è¤Ã¤Æ¡¢
³Æ¼ï¤Î¾ðÊó¤Î¥ê¥¯¥¨¥¹¥È¤ËÂФ·¤Æ¤É¤ó¤Ê½çÈ֤Ǹ¡º÷¤ò¹Ô¤¦¤«¤ò·èÄꤹ¤ë¡£
</Para>
</ListItem>
</VarListEntry>
<VarListEntry>
<Term>RPC</Term>
<ListItem>
<Para>
<!--O
Remote Procedure Call. RPC routines allow C programs to
make procedure calls on other machines across the network.
When people talk about RPC they most often mean the Sun RPC
variant.
-->
¥ê¥â¡¼¥È¥×¥í¥·¥¸¥ã¡¼¥³¡¼¥ë (Remote Procedure Call)¡£
C ¥×¥í¥°¥é¥àÆâ¤Ç RPC ¥ë¡¼¥Á¥ó¤òÍøÍѤ¹¤ì¤Ð¡¢
¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Ë¤¢¤ë¾¤Î·×»»µ¡¾å¤Î¼ê³¤
(¥µ¥Ö¥ë¡¼¥Á¥ó) ¤ò¸Æ¤Ó¤À¤¹¤³¤È¤¬¤Ç¤¤ë¡£
Ä̾ï¤Îʸ̮¤Ë¤ª¤¤¤Æ¤Ï Sun ¤Î RPC ¼ÂÁõ¤Î°ÕÌ£¤ÇÍѤ¤¤é¤ì¤ë¤³¤È¤¬Â¿¤¤¡£
</Para>
</ListItem>
</VarListEntry>
<VarListEntry>
<Term>YP</Term>
<ListItem>
<Para>
<!--O
Yellow Pages(tm), a registered trademark in the UK of
British Telecom plc.
-->
¥¤¥¨¥í¡¼¥Ú¡¼¥¸ (Yellow Pages (TM))
Yellow Pages ¤Ï ±Ñ¹ñ British Telecom ¼Ò¤ÎÅÐÏ¿¾¦É¸¡£
</Para>
</ListItem>
</VarListEntry>
<VarListEntry>
<Term>TCP-IP</Term>
<ListItem>
<Para>
<!--O
Transmission Control Protocol/Internet Protocol. It is the
data communication protocol most often used on Unix machines.
-->
Transmission Control Protocol/Internet Protocol ¤Îά¡£ TCP/IP ¤Ï
Unix ¤ÇÈó¾ï¤Ë¤è¤¯»È¤ï¤ì¤Æ¤¤¤ë¥Ç¡¼¥¿ÄÌ¿®¥×¥í¥È¥³¥ë¤Ç¤¢¤ë¡£
</Para>
</ListItem>
</VarListEntry>
</VariableList>
</Para>
</Sect2>
<Sect2>
<!--O
<Title>Some General Information
-->
<Title>°ìÈÌŪ¤Ê¾ðÊó
<IndexTerm><Primary>NIS!general information</Primary></IndexTerm>
<IndexTerm><Primary>YP!general information</Primary></IndexTerm>
<IndexTerm><Primary>NYS!general information</Primary></IndexTerm>
<IndexTerm><Primary>NIS+!general information</Primary></IndexTerm>
</Title>
<Para>
<!--O
The next four lines are quoted from the Sun(tm) System & Network
Administration Manual:
-->
°Ê²¼¤ÎÆâÍÆ¤Ï Sun(tm) System & Network Administration Manual
¤«¤é¤Î°úÍѤǤ¹¡£
</Para>
<Blockquote>
<Para>
<!--O
"NIS was formerly known as Sun Yellow Pages (YP) but
the name Yellow Pages(tm) is a registered trademark
in the United Kingdom of British Telecom plc and may
not be used without permission."
-->
NIS ¤Ï¤«¤Ä¤Æ ¥µ¥ó¡¦¥¤¥¨¥í¡¼¥Ú¡¼¥¸ (Sun Yellow Pages, YP)
¤È¸Æ¤Ð¤ì¤Æ¤¤¤Þ¤·¤¿¡£
¤·¤«¤·¡ÖYellow Pages¡×¤Ï±Ñ¹ñ British Telecom ¼Ò¤ÎÅÐÏ¿¾¦É¸¤Ç¡¢
µö²Ä̵¤¯»ÈÍѤ¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤»¤ó¤Î¤Ç¡¢NIS ¤È¸Æ¤Ö¤³¤È¤Ë¤·¤Þ¤·¤¿¡£
</Para>
</Blockquote>
<Para>
<!--O
NIS stands for Network Information Service. Its purpose is to
provide information, that has to be known throughout the network,
to all machines on the network. Information likely to be
distributed by NIS is:
-->
NIS ¤Ï Network Information Service ¤Îά¤Ç¤¹¡£
¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Î¤¹¤Ù¤Æ¤Î·×»»µ¡¤Ç¶¦Í¤¹¤Ù¤¾ðÊó¤òÄ󶡤¹¤ë¤¿¤á¤ËÍѤ¤¤é¤ì¤Þ¤¹¡£
NIS ¤ÇÄ󶡤µ¤ì¤ë¾ðÊó¤È¤Ï¡¢Î㤨¤Ð°Ê²¼¤Î¤è¤¦¤Ê¤â¤Î¤Ç¤¹¡£
</Para>
<Para>
<ItemizedList>
<ListItem>
<Para>
<!--O
login names/passwords/home directories (/etc/passwd)
-->
¥í¥°¥¤¥ó̾¡¢¥Ñ¥¹¥ï¡¼¥É¡¢¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥ê (<filename>/etc/passwd</filename>)
</Para>
</ListItem>
<ListItem>
<Para>
<!--O
group information (/etc/group)
-->
¥°¥ë¡¼¥×¾ðÊó (<filename>/etc/group</filename>)
</Para>
</ListItem>
</ItemizedList>
</Para>
<Para>
<!--O
If, for example, your password entry is recorded in the NIS
passwd database, you will be able to login on all machines on the
network which have the NIS client programs running.
-->
Î㤨¤Ð¡¢¤¢¤Ê¤¿¤Î¥Ñ¥¹¥ï¡¼¥É¤¬
NIS ¤Î¥Ñ¥¹¥ï¡¼¥É¥Ç¡¼¥¿¥Ù¡¼¥¹¤ËÅÐÏ¿¤µ¤ì¤Æ¤¤¤ë¤È¤·¤Þ¤·¤ç¤¦¡£
¤¹¤ë¤È¤¢¤Ê¤¿¤Ï¡¢
¤½¤³¤Ç NIS ¤Î¥¯¥é¥¤¥¢¥ó¥È¥×¥í¥°¥é¥à¤¬Æ°¤¤¤Æ¤¤¤ì¤Ð¡¢
¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Î¤É¤Î·×»»µ¡¤Ë¤â¥í¥°¥¤¥ó¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ë¤Î¤Ç¤¹¡£
</Para>
<Para>
<!--O
Sun is a trademark of Sun Microsystems, Inc. licensed to
SunSoft, Inc.
-->
Sun ¤Ï Sun Microsystems ¼Ò¤Î¾¦É¸¤Ç¤¢¤ê¡¢
SunSoft ¼Ò¤Ë¥é¥¤¥»¥ó¥¹¶¡Í¿¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
</Para>
</Sect2>
</Sect1>
<Sect1 id="selection">
<!--O
<Title>NIS, NYS or NIS+ ?</Title>
-->
<Title>NIS ¤« NYS ¤« NIS+ ¤«</Title>
<Sect2>
<!--O
<Title>libc 4/5 with traditional NIS or NYS ?
-->
<Title>libc 4/5 ¤Ç¤Ï trad-NIS ¤«¡¢¤½¤ì¤È¤â NYS ¥é¥¤¥Ö¥é¥ê¤«¡©
<IndexTerm><Primary
>libc4/5, use with NIS/NYS</Primary></IndexTerm>
<IndexTerm><Primary
>NIS/NYS, use with libc4/5</Primary></IndexTerm>
</Title>
<Para>
<!--O
The choice between "traditional NIS" or the NIS code in the NYS library
is a choice between laziness and maturity vs. flexibility and love of
adventure.
-->
trad-NIS ¤òÍѤ¤¤ë¤« NYS ¥é¥¤¥Ö¥é¥ê¤Î NIS ¥³¡¼¥É¤òÍѤ¤¤ë¤«¤Ï¡¢
¡ÖÄ㵡ǽ¤À¤¬°ÂÄê¡×¤ò¤È¤ë¤«¡Ö½ÀÆð¤À¤¬ËÁ¸±¡×¤ò¤È¤ë¤«¤ÎÁªÂò¤È¸À¤¨¤Þ¤¹¡£
</Para>
<Para>
<!--O
The "traditional NIS" code is in the standard C library and has been
around longer and sometimes suffers from its age and slight
inflexibility.
-->
trad-NIS ¤Î¥³¡¼¥É¤Ïɸ½à C ¥é¥¤¥Ö¥é¥ê¤ËÆþ¤Ã¤Æ¤«¤é¤À¤¤¤Ö·Ð¤Ã¤Æ¤¤¤Þ¤¹¡£
À¸¤Þ¤ì¤¬¸Å¤¤Ê¬¡¢¤ä¤ä½ÀÆðÀ¤Ë·ç¤±¤ë¤È¤³¤í¤¬¤¢¤ê¤Þ¤¹¡£
</Para>
<Para>
<!--O
The NIS code in the NYS library requires you to recompile the libc
library to include the NYS code into it (or maybe you can
get a precompiled version of libc from someone who has already done it).
-->
°ìÊý NYS ¥é¥¤¥Ö¥é¥ê¤Î NIS ¥³¡¼¥É¤òÍѤ¤¤ë¤Ë¤Ï¡¢
libc ¥é¥¤¥Ö¥é¥ê¤òºÆ¥³¥ó¥Ñ¥¤¥ë¤·¤Æ
libnsl ¤Î¥³¡¼¥É¤ò libc ¤ÎÃæ¤Ë´Þ¤á¤ëɬÍפ¬¤¢¤ê¤Þ¤¹
(¤½¤Î¤è¤¦¤Ë¥³¥ó¥Ñ¥¤¥ë¤µ¤ì¤¿ libc ¥é¥¤¥Ö¥é¥ê¤òÆþ¼ê¤Ç¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó)¡£
</Para>
<Para>
<!--O
Another difference is that the traditional NIS code has some support
for NIS Netgroups, which the NYS code doesn't. On the other hand
the NYS code allows you to handle Shadow Passwords in a transparent
way. The "traditonal NIS" code doesn't support Shadow Passwords over NIS.
-->
¤Þ¤¿ trad-NIS ¤Î¥³¡¼¥É¤Ç¤Ï NIS ¤Î¥Í¥Ã¥È¥°¥ë¡¼¥×µ¡Ç½¤¬»È¤¨¤Þ¤¹¤¬¡¢
NYS ¤Î¥³¡¼¥É¤Ë¤Ï¼ÂÁõ¤µ¤ì¤Æ¤¤¤Þ¤»¤ó¡£µÕ¤Ë NYS ¤Î¥³¡¼¥É¤Ç¤Ï
Shadow Password ¤òÆ©²áŪ¤Ë°·¤¦¤³¤È¤¬¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¤¬¡¢
trad-NIS ¤Î¥³¡¼¥É¤Ï NIS ¾å¤Ç¤Î Shadow ¥Ñ¥¹¥ï¡¼¥É¤ò¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó¡£
</Para>
</Sect2>
<Sect2>
<!--O
<Title>glibc 2 and NIS/NIS+
-->
<Title>glibc 2 ¤È NIS/NIS+
<IndexTerm><Primary
>glibc2, use with NIS/NIS+</Primary></IndexTerm>
<IndexTerm><Primary
>NIS/NIS+, use with glibc2</Primary></IndexTerm>
</Title>
<Para>
<!--O
Forgot all this if you use the new GNU C Library 2.x (aka libc6). It
has real NSS (name switch service) support, which makes it very flexible,
and contains support for the following NIS/NIS+ maps: aliases, ethers, group,
hosts, netgroups, networks, protocols, publickey, passwd, rpc, services
and shadow. The GNU C Library has no problems with shadow passwords over NIS.
-->
GNU C Library 2.x (libc6) ¤ò»È¤Ã¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢
°Ê¾å¤ÎÁ´¤Æ¤Ï˺¤ì¤Æ²¼¤µ¤¤¡£
libc6 ¤Ç¤Ï NSS (¥Í¡¼¥à¥¹¥¤¥Ã¥Á¥µ¡¼¥Ó¥¹) ¤ò´°Á´¤Ë¥µ¥Ý¡¼¥È¤·¤Æ¤ª¤ê¡¢
Èó¾ï¤Ë½ÀÆð¤Ê±¿ÍѤ¬¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£
¤Þ¤¿°Ê²¼¤Î NIS¡¿NIS+ ¥Þ¥Ã¥×¤¬¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤Þ¤¹:
aliases, ethers, group, hosts, netgroups, networks, protocols,
publickey, passwd, rpc, services, shadow.
GNU C Library ¤Ç¤Ï¡¢
shadow ¥Ñ¥¹¥ï¡¼¥É¤ò NIS ¤Ç¤Þ¤Ã¤¿¤¯ÌäÂê¤Ê¤¯°·¤¦¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
</Para>
</Sect2>
<Sect2>
<!--O
<Title>NIS or NIS+ ?
-->
<Title>NIS ¤« NIS+ ¤«¡©
<IndexTerm><Primary
>NIS vs. NIS+</Primary></IndexTerm>
</Title>
<Para>
<!--O
The choice between NIS and NIS+ is easy - use NIS if you don't have to
use NIS+ or have severe security needs. NIS+ is _much_ more problematic
to administer (it's pretty easy to handle on the client side, but the
server side is horrible). Another problem is that the support for NIS+
under Linux is still under developement - you need the latest glibc 2.1.
There is an unsupported port of the glibc NIS+ support for libc5 as
dropin replacement.
-->
¤É¤Á¤é¤òÁª¤Ö¤«Çº¤àɬÍפϤ¢¤ê¤Þ¤»¤ó¡£
Æä˥»¥¥å¥ê¥Æ¥£¤Ë²áÉҤˤʤëɬÍפ¬¤Ê¤«¤Ã¤¿¤ê¡¢
NIS+ ¤ò»È¤ï¤Í¤Ð¤Ê¤é¤Ê¤¤Íýͳ¤¬¤Ê¤¤¤Î¤Ê¤é¡¢NIS ¤ò»È¤¤¤Þ¤·¤ç¤¦¡£
<emphasis>NIS+ ¤Î´ÉÍý¤Ï¤º¤Ã¤ÈÂçÊѤǤ¹</emphasis>
(¥¯¥é¥¤¥¢¥ó¥È¦¤Ç¤Ï¤½¤ì¤Û¤É¤Ç¤â¤¢¤ê¤Þ¤»¤ó¤¬¡¢¥µ¡¼¥Ð¡¼´ÉÍý¤ÏÃϹö¤Ç¤¹)¡£
¤½¤ì¤Ë Linux ¾å¤Ç¤Î NIS+ ¤Ï¤Þ¤À³«È¯Ãʳ¬¤Ê¤Î¤Ç¤¹¡£
ÍøÍѤ¹¤ë¤Ë¤ÏºÇ¿·ÈǤΠglibc 2.1 ¤¬É¬Íפ¬¤¢¤ê¤Þ¤¹¡£
¤Á¤ç¤Ã¤È»î¤·¤Æ¤ß¤¿¤¤¾ì¹ç¤Ë¤Ï¡¢glibc ¤Î NIS+ ¥µ¥Ý¡¼¥È¤ò libc5
¤Ë°Ü¿¢¤·¤¿¤â¤Î¤â¸ºß¤·¤Þ¤¹ (¤¿¤À¤·¤³¤ì¤Ï̤¥µ¥Ý¡¼¥È)¡£
</Para>
</Sect2>
</Sect1>
<Sect1 id="mechanism">
<!--O
<Title>How it works</Title>
-->
<Title>Æ°ºî¸¶Íý</Title>
<Sect2>
<!--O
<Title>How NIS works
-->
<Title>NIS ¤ÎÆ°ºî¸¶Íý
<IndexTerm><Primary
>NIS/YP, theory of operation</Primary></IndexTerm>
</Title>
<Para>
<!--O
Within a network there must be at least one machine acting as a NIS
server. You can have multiple NIS servers, each serving different NIS
"domains" - or you can have cooperating NIS servers, where one is the
master NIS server, and all the other are so-called slave NIS servers
(for a certain NIS "domain", that is!) - or you can have a mix
of them...
-->
¾¯¤Ê¤¯¤È¤â 1 Âæ¤Î NIS ¤Î¥µ¡¼¥Ð¡¼¤¬¥Í¥Ã¥È¥ï¡¼¥¯¾å¤ËɬÍפǤ¹¡£
Ê£¿ô¤Î¥µ¡¼¥Ð¤ò²ÔÆ°¤µ¤»¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£
¤³¤Î¾ì¹ç¤Ï¤½¤ì¤¾¤ì¤ò°Û¤Ê¤Ã¤¿ NIS ¡Ö¥É¥á¥¤¥ó¡×¤Î¥µ¡¼¥Ð¤È¤¹¤ë¤«¡¢
¤¢¤ë¤¤¤Ï 2 Âæ¤Î¥µ¡¼¥Ð¤ò¤Ò¤È¤Ä¤Î¥É¥á¥¤¥ó¾å¤Ç¶¨Ä´¤·¤ÆÆ°ºî¤µ¤»¤ë¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£
¸å¼Ô¤Î¹½À®¤Ç¤Ï 1 Âæ¤Î¥µ¡¼¥Ð¤¬¡Ö¥Þ¥¹¥¿¡¼¥µ¡¼¥Ð¡×¤È¤Ê¤ê¡¢
¤½¤Î¾¤Î¥µ¡¼¥Ð¤ÏÁ´¤Æ¡Ö¥¹¥ì¡¼¥Ö¥µ¡¼¥Ð¡×¤È¸Æ¤Ð¤ì¤Þ¤¹
(1 ¤Ä¤Î¡Ö¥É¥á¥¤¥ó¡×¤ËÂФ¹¤ë¹½À®¤Ç¤¹)¡£
¥É¥á¥¤¥ó¤òÊ£¿ô¡¢¤½¤ì¤¾¤ì¤ËÂФ¹¤ë¥µ¡¼¥Ð¤âÊ£¿ô¡¢
¤È¤¤¤Ã¤¿¤è¤¦¤Ê¹½À®¤â²Äǽ¤Ç¤¹¡£
</Para>
<Para>
<!--O
Slave servers only have copies of the NIS databases and receive these
copies from the master NIS server whenever changes are made to the
master's databases. Depending on the number of machines in your
network and the reliability of your network, you might decide to
install one or more slave servers. Whenever a NIS server goes down or
is too slow in responding to requests, a NIS client connected to that
server will try to find one that is up or faster.
-->
¥¹¥ì¡¼¥Ö¥µ¡¼¥Ð¤Ï¡¢
¥Þ¥¹¥¿¡¼¥µ¡¼¥Ð¤Î NIS ¥Ç¡¼¥¿¥Ù¡¼¥¹¤Î¥³¥Ô¡¼ÊÝ»ý¤À¤±¤ò¤·¤Þ¤¹¡£
¥Þ¥¹¥¿¡¼¥µ¡¼¥Ð¤Î NIS ¥Ç¡¼¥¿¥Ù¡¼¥¹¤¬Êѹ¹¤µ¤ì¤ë¤È¡¢Ãà°ì¤½¤ì¤ò¼õ¤±¼è¤ê¤Þ¤¹¡£
¥Í¥Ã¥È¥ï¡¼¥¯¤ËÀܳ¤µ¤ì¤Æ¤¤¤ë·×»»µ¡¤ÎÂæ¿ô¤È¥Í¥Ã¥È¥ï¡¼¥¯¤Î¿®ÍêÀ¤ò¹Íθ¤·¡¢
¥¹¥ì¡¼¥Ö¥µ¡¼¥Ð¤ò¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¤«¤É¤¦¤«
(¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¾ì¹ç¤Ï¤½¤ÎÂæ¿ô) ¤ò·è¤á¤Æ²¼¤µ¤¤¡£
NIS ¥¯¥é¥¤¥¢¥ó¥È¤Ï¡¢NIS ¥µ¡¼¥Ð¤¬¡ÖÍî¤Á¤Æ¡×¤¤¤¿¤ê¡¢
¥ì¥¹¥Ý¥ó¥¹¤¬ÃÙ¤«¤Ã¤¿¤ê¤¹¤ë¾ì¹ç¤Ë¤Ï¡¢
Íî¤Á¤Æ¤¤¤Ê¤¤¥µ¡¼¥Ð¤ä¤â¤Ã¤È¥ì¥¹¥Ý¥ó¥¹¤Î®¤¤¥µ¡¼¥Ð¤È¤ÎÀܳ¤ò»î¤ß¤Þ¤¹¡£
</Para>
<Para>
<!--O
NIS databases are in so-called DBM format, derived from ASCII
databases. For example, the files <Literal remap="tt">/etc/passwd</Literal> and
<Literal remap="tt">/etc/group</Literal> can be directly converted to DBM format using
ASCII-to-DBM translation software ("makedbm", included with the
server software). The master NIS server should have both, the ASCII
databases and the DBM databases.
-->
NIS ¥Ç¡¼¥¿¥Ù¡¼¥¹¤Ï ASCII ·Á¼°¤Î¥Ç¡¼¥¿¥Ù¡¼¥¹¤«¤éÊÑ´¹¤µ¤ì¤¿¡¢
¤¤¤ï¤æ¤ë DBM ¥Õ¥©¡¼¥Þ¥Ã¥È¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£Î㤨¤Ð
<filename>/etc/passwd</filename>
¤ä
<filename>/etc/group</filename>
¤È¤¤¤Ã¤¿¥Õ¥¡¥¤¥ë¤Ï¡¢ ASCII-DBM ÊÑ´¹¥×¥í¥°¥é¥à
(<command>makedbm</command>: ¥µ¡¼¥Ð¥½¥Õ¥È¤ËÆþ¤Ã¤Æ¤¤¤Þ¤¹)
¤ò»È¤Ã¤ÆľÀÜ DBM¥Õ¥©¡¼¥Þ¥Ã¥È¤ËÊÑ´¹¤Ç¤¤Þ¤¹¡£
NIS ¤Î¥Þ¥¹¥¿¡¼¥µ¡¼¥Ð¤Ï¡¢
ASCII ·Á¼°¤È DBM ·Á¼°¤Î¥Ç¡¼¥¿¥Ù¡¼¥¹¤È¤ÎξÊý¤ò»ý¤Ã¤Æ¤¤¤Ê¤¯¤Æ¤Ï¤Ê¤ê¤Þ¤»¤ó¡£
</Para>
<Para>
<!--O
Slave servers will be notified of any change to the NIS maps, (via the
"yppush" program), and automatically retrieve the necessary changes in
order to synchronize their databases. NIS clients do not need to do
this since they always talk to the NIS server to read the information
stored in it's DBM databases.
-->
¥¹¥ì¡¼¥Ö¥µ¡¼¥Ð¤Ï NIS ¥Þ¥Ã¥×¤¬Êѹ¹¤µ¤ì¤ë¤ÈÄÌÃΤò¼õ¤±¤Þ¤¹
(<command>yppush</command> ¥×¥í¥°¥é¥à¤¬ÍѤ¤¤é¤ì¤Þ¤¹)¡£
¤¹¤ë¤È¥¹¥ì¡¼¥Ö¥µ¡¼¥Ð¤ÏɬÍפÊÊѹ¹¤ò¹Ô¤¤¡¢
¥Ç¡¼¥¿¥Ù¡¼¥¹¤òƱ´ü¤µ¤»¤Þ¤¹¡£
NIS ¥¯¥é¥¤¥¢¥ó¥È¤Ë¤³¤Î¤è¤¦¤Êºî¶È¤ò¤¹¤ëɬÍפϤ¢¤ê¤Þ¤»¤ó¡£
¥¯¥é¥¤¥¢¥ó¥È¤Ï¾ï¤ËºÇ¿·¤Î DBM ¥Ç¡¼¥¿¥Ù¡¼¥¹¤ÎÆâÍƤò
NIS ¥µ¡¼¥Ð¤ËÆɤߤ˹Ԥ¯¤«¤é¤Ç¤¹¡£
</Para>
<Para>
<!--O
Old ypbind versions do a broadcast to find a running NIS server.
This is insecure, due the fact that anyone may install a NIS server
and answer the broadcast queries. Newer Versions of ypbind
(ypbind-3.3 or ypbind-mt) are able to get the server from a
configuration file - thus no need to broadcast.
-->
<command>ypbind</command> ¤Î¸Å¤¤¥Ð¡¼¥¸¥ç¥ó¤Ç¤Ï¡¢
Æ°ºîÃæ¤Î NIS ¥µ¡¼¥Ð¤òõ¤¹¤Î¤Ë¥Ö¥í¡¼¥É¥¥ã¥¹¥È¤òÍѤ¤¤Æ¤¤¤Þ¤·¤¿¡£
¤³¤ì¤Ë¤Ï¥»¥¥å¥ê¥Æ¥£¾å¤ÎÌäÂ꤬¤¢¤ê¤Þ¤·¤¿¡£
¤Ê¤¼¤Ê¤é狼¤¬ NIS ¥µ¡¼¥Ð¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¡¢
¥Ö¥í¡¼¥É¥¥ã¥¹¥È¤ÎÌ䤤¹ç¤ï¤»¤ËÅú¤¨¤ë¤è¤¦¤Ë¤Ç¤¤ë¤«¤é¤Ç¤¹¡£
¿·¤·¤¤¥Ð¡¼¥¸¥ç¥ó¤Î <command>ypbind</command>
(ypbind-3.3 ¤Þ¤¿¤Ï ypbind-mt) ¤Ç¤Ï¡¢
¥µ¡¼¥Ð¤òÀßÄê¥Õ¥¡¥¤¥ë¤«¤é¼èÆÀ¤Ç¤¤Þ¤¹
- ¤·¤¿¤¬¤Ã¤Æ¥Ö¥í¡¼¥É¥¥ã¥¹¥È¤ÏÉÔÍפǤ¹¡£
</Para>
</Sect2>
<Sect2>
<!--O
<Title>How NIS+ works
-->
<Title>NIS+ ¤ÎÆ°ºî¸¶Íý
<IndexTerm><Primary
>NIS+!theory of operation</Primary></IndexTerm>
</Title>
<Para>
<!--O
NIS+ is a new version of the network information nameservice from Sun.
The biggest difference between NIS and NIS+ is that NIS+ has
support for data encryption and authentication over secure RPC.
-->
NIS+ ¤Ï Sun ¤Ë¤è¤ë¿·¤·¤¤¥Í¥Ã¥È¥ï¡¼¥¯¥¤¥ó¥Õ¥©¥á¡¼¥·¥ç¥ó¥µ¡¼¥Ó¥¹¤Ç¤¹¡£
NIS ¤È NIS+ ¤ÎºÇ¤âÂ礤ʰ㤤¤Ï¡¢NIS+ ¤Ç¤Ï¥Ç¡¼¥¿¤Î°Å¹æ²½¤È
secure RPC ¤òÄ̤·¤¿Ç§¾Ú¤È¤¬²Äǽ¤Ë¤Ê¤Ã¤Æ¤¤¤ëÅÀ¤Ç¤¹¡£
</Para>
<Para>
<!--O
The naming model of NIS+ is based upon a tree structure. Each node in
the tree corresponds to an NIS+ object, from which we have six types:
directory, entry, group, link, table and private.
-->
NIS+ ¤Î̿̾¥â¥Ç¥ë¤Ï¥Ä¥ê¡¼¹½Â¤¤Ë´ð¤Å¤¤¤Æ¤¤¤Þ¤¹¡£
¥Ä¥ê¡¼¤Î¤½¤ì¤¾¤ì¤Î¥Î¡¼¥É¤¬ NIS+ ¤Î¥ª¥Ö¥¸¥§¥¯¥È¤ËÂбþ¤·¤Æ¤ª¤ê¡¢
¤³¤ì¤Ë¤ÏÏ»¤Ä¤Î¥¿¥¤¥×¤¬¤¢¤ê¤Þ¤¹¡£
<simplelist type="inline">
<member>¥Ç¥£¥ì¥¯¥È¥ê (directory)</member>
<member>¥¨¥ó¥È¥ê (entry)</member>
<member>¥°¥ë¡¼¥× (group)</member>
<member>¥ê¥ó¥¯ (link)</member>
<member>¥Æ¡¼¥Ö¥ë (table)</member>
<member>¥×¥é¥¤¥Ù¡¼¥È (private)</member>
</simplelist>
¤Ç¤¹¡£
</Para>
<Para>
<!--O
The NIS+ directory that forms the root of the NIS+ namespace is called
the root directory. There are two special NIS+ directories:
org_dir and groups_dir. The org_dir directory consists of all
administration tables, such as passwd, hosts, and mail_aliases. The
groups_dir directory consists of NIS+ group objects which are used for
access control. The collection of org_dir, groups_dir and their parent
directory is referred to as an NIS+ domain.
-->
NIS+ ¤Î̾Á°¶õ´Ö¤Ç¥ë¡¼¥È¤È¤Ê¤ë NIS+ ¥Ç¥£¥ì¥¯¥È¥ê¤Ï
root ¥Ç¥£¥ì¥¯¥È¥ê¤È¸Æ¤Ð¤ì¤Þ¤¹¡£
NIS+ ¤Ë¤ÏÆó¤Ä¤ÎÆÃÊ̤ʥǥ£¥ì¥¯¥È¥ê¤¬Â¸ºß¤·¤Þ¤¹¡£
<filename>org_dir</filename>
¤È
<filename>groups_dir</filename>
¤Ç¤¹¡£
<filename>org_dir</filename>
¥Ç¥£¥ì¥¯¥È¥ê¤Ë¤Ï¤¹¤Ù¤Æ¤Î´ÉÍý¥Æ¡¼¥Ö¥ë¤¬´Þ¤Þ¤ì¤Þ¤¹¡£
Î㤨¤Ð
<filename>passwd</filename>,
<filename>hosts</filename>,
<filename>mail_aliases</filename>
¤Ê¤É¤Ç¤¹¡£
<filename>groups_dir</filename>
¥Ç¥£¥ì¥¯¥È¥ê¤Ë¤Ï¥¢¥¯¥»¥¹¥³¥ó¥È¥í¡¼¥ë¤ËÍѤ¤¤é¤ì¤ë
NIS+ ¥°¥ë¡¼¥×¥ª¥Ö¥¸¥§¥¯¥È¤¬´Þ¤Þ¤ì¤Þ¤¹¡£
<filename>org_dir</filename>
¤È
<filename>groups_dir</filename>
¤ª¤è¤Ó¤½¤ì¤é¤Î¿Æ¥Ç¥£¥ì¥¯¥È¥ê¤ò½¸¤á¤¿¤â¤Î¤¬
NIS+ ¥É¥á¥¤¥ó¤È¤·¤Æ»²¾È¤µ¤ì¤Þ¤¹¡£
</Para>
</Sect2>
</Sect1>
<Sect1 id="portmapper">
<!--O
<Title>The RPC Portmapper
-->
<Title> RPC ¥Ý¡¼¥È¥Þ¥Ã¥Ñ
<IndexTerm><Primary
>RPC portmapper</Primary></IndexTerm>
<IndexTerm><Primary
>portmapper, RPC</Primary></IndexTerm>
<IndexTerm><Primary
>NIS!use of RPC portmapper</Primary></IndexTerm>
</Title>
<Para>
<!--O
To run any of the software mentioned below you will need to run the
program /usr/sbin/portmap. Some Linux distributions already have
the code in the /sbin/init.d/ or /etc/rc.d/ files to start up this
daemon. All you have to do is to activate it and reboot your Linux
machine. Read your Linux Distribution Documentation how to do this.
-->
¤³¤ì¤«¤éÀâÌÀ¤·¤Æ¤¤¤¯¥½¥Õ¥È¥¦¥§¥¢¤òÆ°¤«¤¹¤¿¤á¤Ë¤Ï¡¢¤Þ¤º
<command>/usr/sbin/rpc.portmap</command>
¤òÆ°ºî¤µ¤»¤Æ¤ª¤¯É¬Íפ¬¤¢¤ê¤Þ¤¹¡£
Linux ¤ÎÇÛÉۥѥ屡¼¥¸¤ÎÃæ¤Ë¤Ï¡¢
¤³¤Î¥Ç¡¼¥â¥ó¤òΩ¤Á¾å¤²¤ë¤¿¤á¤Î¥³¥Þ¥ó¥É¤¬
<filename>/sbin/init.d/</filename> ¤ä
<filename>/etc/rc.d/</filename> ¤Ë½ñ¤¹þ¤ó¤Ç¤¢¤ë¤â¤Î¤â¤¢¤ê¤Þ¤¹¤Î¤Ç¡¢
¤½¤Î¾ì¹ç¤Ï³ºÅöÉôʬ¤ò¥¢¥ó¥³¥á¥ó¥È¤·¤Æ¥ê¥Ö¡¼¥È¤¹¤ë¤À¤±¤Ç¤¹¡£
¼ÂºÝ¤Î¤ä¤êÊý¤Ï¥Ç¥£¥¹¥È¥ê¥Ó¥å¡¼¥·¥ç¥ó¤Î¥É¥¥å¥á¥ó¥È¤òÆɤߤޤ·¤ç¤¦¡£
</Para>
<Para>
<!--O
The RPC portmapper (portmap(8)) is a server that converts RPC program
numbers into TCP/IP (or UDP/IP) protocol port numbers. It must be
running in order to make RPC calls (which is what the NIS/NIS+ client
software does) to RPC servers (like a NIS or NIS+ server) on that machine.
When an RPC server is started, it will tell portmap what port number it
is listening to, and what RPC program numbers it is prepared to serve.
When a client wishes to make an RPC call to a given program number, it
will first contact portmap on the server machine to determine the port
number where RPC packets should be sent.
-->
RPC ¥Ý¡¼¥È¥Þ¥Ã¥Ñ (portmap(8)) ¤Ï¡¢
RPC ¥×¥í¥°¥é¥àÈÖ¹æ¤ò TCP/IP ¥Ý¡¼¥ÈÈÖ¹æ¤ËÊÑ´¹¤¹¤ë¥µ¡¼¥Ð¥×¥í¥°¥é¥à¤Ç¤¹¡£
NIS ¥¯¥é¥¤¥¢¥ó¥È¥×¥í¥°¥é¥à¤¬¤ä¤Ã¤Æ¤¤¤ë¤è¤¦¤Ë¡¢
RPC ¥µ¡¼¥Ð (NIS ¥µ¡¼¥Ð¤Ê¤É) ¤Ë RPC ¸Æ¤Ó¤À¤·¤ò¹Ô¤¦¤Ë¤Ï¡¢
RPC ¥Ý¡¼¥È¥Þ¥Ã¥Ñ¤¬Æ°¤¤¤Æ¤¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
RPC ¥µ¡¼¥Ð¥×¥í¥°¥é¥à¤Ï¡¢
´Æ»ë¤¹¤ë TCP/IP ¥Ý¡¼¥ÈÈÖ¹æ¤È¥Ç¡¼¥¿¤òÄ󶡤¹¤ë RPC ¥×¥í¥°¥é¥àÈÖ¹æ¤ò¡¢
µ¯Æ°»þ¤Ë¥Ý¡¼¥È¥Þ¥Ã¥Ñ¤ËÅÁ¤¨¤Þ¤¹¡£
¥¯¥é¥¤¥¢¥ó¥È¥×¥í¥°¥é¥à¤¬¡¢
¤¢¤ë RPC ¥×¥í¥°¥é¥àÈÖ¹æ¤Ë¥³¡¼¥ë¤ò¹Ô¤¦ºÝ¤Ë¤Ï¡¢
¤Þ¤º¥µ¡¼¥Ð¥Þ¥·¥ó¾å¤Î RPC ¥Ý¡¼¥È¥Þ¥Ã¥Ñ¤È¸ò¿®¤·¤Æ¡¢
¤É¤Î TCP/IP ¥Ý¡¼¥ÈÈÖ¹æ¤Ë RPC ¤Î¥Ñ¥±¥Ã¥È¤òÁ÷¤ì¤ÐÎɤ¤¤Î¤«¤ò·èÄꤷ¤Þ¤¹¡£
</Para>
<Para>
<!--O
Since RPC servers could be started by inetd(8), portmap should
be running before inetd is started.
-->
RPC ¥µ¡¼¥Ð¥×¥í¥°¥é¥à¤Ï inetd(8) ¤«¤é¤âµ¯Æ°¤Ç¤¤Þ¤¹¤¬¡¢
¤½¤Î¾ì¹ç¤Ï inetd ¤è¤êÁ°¤Ë RPC ¥Ý¡¼¥È¥Þ¥Ã¥Ñ¤òµ¯Æ°¤¹¤ë¤è¤¦¤Ë¤·¤Æ²¼¤µ¤¤¡£
</Para>
<Para>
<!--O
For secure RPC, the portmapper needs the Time service. Make sure, that the
Time service is enabled in /etc/inetd.conf on all hosts:
-->
secure RPC ¤òÍѤ¤¤ë¾ì¹ç¤Ë¤Ï¡¢¥Ý¡¼¥È¥Þ¥Ã¥Ñ¤Ï time ¥µ¡¼¥Ó¥¹¤òɬÍפȤ·¤Þ¤¹¡£
¤¹¤Ù¤Æ¤Î¥Û¥¹¥È¤Î <filename>/etc/inetd.conf</filename> ¤Ç¡¢
°Ê²¼¤Î¤è¤¦¤Ë time ¥µ¡¼¥Ó¥¹¤¬ÍøÍѲÄǽ¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤³¤È¤ò³Îǧ¤·¤Æ²¼¤µ¤¤¡£
</Para>
<ProgramListing>
#
# Time service is used for clock syncronization.
#
time stream tcp nowait root internal
time dgram udp wait root internal
</ProgramListing>
<Para>
<!--O
IMPORTANT: Don't forget to restart inetd after changes on its
configuration file !
-->
½ÅÍס§ÀßÄê¥Õ¥¡¥¤¥ëÊѹ¹¤·¤¿¤¢¤È inetd ¤òºÆµ¯Æ°¤¹¤ë¤Î¤ò˺¤ì¤Ê¤¤¤³¤È!
</Para>
</Sect1>
<Sect1 id="nis-setup">
<!--O
<Title>What do you need to set up NIS?
-->
<Title>NIS ¤ÎÀßÄê
<IndexTerm><Primary
>NIS!setting up</Primary></IndexTerm>
</Title>
<Sect2>
<!--O
<Title>Determine whether you are a Server, Slave or Client.
-->
<Title>¥Þ¥¹¥¿¡¼¥µ¡¼¥Ð¡¢¥¹¥ì¡¼¥Ö¥µ¡¼¥Ð¡¢¥¯¥é¥¤¥¢¥ó¥È¤ò·è¤á¤ë
<IndexTerm><Primary
>NIS!determining system type</Primary></IndexTerm>
</Title>
<Para>
<!--O
To answer this question you have to consider two cases:
-->
¤Þ¤º°Ê²¼¤ÎÆó¤Ä¤Î¾ì¹ç¤ò¹Í¤¨¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
</Para>
<Para>
<OrderedList>
<ListItem>
<Para>
<!--O
Your machine is going to be part of a network with existing NIS servers
-->
Àܳ¤¹¤ë¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Ë NIS ¥µ¡¼¥Ð¤¬¤¢¤ë¾ì¹ç¡£
</Para>
</ListItem>
<ListItem>
<Para>
<!--O
You do not have any NIS servers in the network yet
-->
Àܳ¤¹¤ë¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Ë NIS ¥µ¡¼¥Ð¤¬¤Ê¤¤¾ì¹ç¡£
</Para>
</ListItem>
</OrderedList>
</Para>
<Para>
<!--O
In the first case, you only need the client programs (ypbind, ypwhich,
ypcat, yppoll, ypmatch). The most important program is ypbind. This
program must be running at all times, which means, it should always appear
in the list of processes. It is a daemon process and needs to
be started from the system's startup file (eg. /etc/init.d/nis,
/sbin/init.d/ypclient, /etc/rc.d/init.d/ypbind, /etc/rc.local).
As soon as ypbind is running your system has become a NIS client.
-->
ºÇ½é¤Î¥±¡¼¥¹¤Ç¤Ï
<command>ypbind</command>,
<command>ypwhich</command>,
<command>ypcat</command>,
<command>yppoll</command>,
<command>ypmatch</command>
¤È¤¤¤Ã¤¿¥¯¥é¥¤¥¢¥ó¥È¥×¥í¥°¥é¥à¤òµ¯Æ°¤¹¤ë¤À¤±¤Ç
»È¤¨¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£°ìÈÖ½ÅÍפʤΤÏ
<command>ypbind</command> ¤Ç¡¢
¤³¤Î¥×¥í¥°¥é¥à¤Ï¾ï¤Ë¼Â¹Ô¤µ¤ì¤Æ¤¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹
(¤Ä¤Þ¤ê
<command>ps</command>
¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤¿¤È¤¤Ë¥×¥í¥»¥¹¥Æ¡¼¥Ö¥ë¤Ëɽ¼¨¤µ¤ì¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó)¡£
<command>ypbind</command> ¤Ï¤¤¤ï¤æ¤ë¥Ç¡¼¥â¥ó¥×¥í¥»¥¹¤Ç¡¢
¥·¥¹¥Æ¥à¤Î¥¹¥¿¡¼¥È¥¢¥Ã¥×¥Õ¥¡¥¤¥ë¤«¤éµ¯Æ°¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹
(¤Ä¤Þ¤ê
<filename>/etc/init.d/nis</filename>,
<filename>/sbin/init.d/ypclient</filename>,
<filename>/etc/rc.d/init.d/ypbind</filename>,
<filename>/etc/rc.local</filename> ¤Ê¤É)¡£
<command>ypbind</command> ¤¬µ¯Æ°¤µ¤ì¤ì¤Ð¡¢
¤½¤Î·×»»µ¡¤Ï ¤½¤Î»þÅÀ¤«¤é NIS ¥¯¥é¥¤¥¢¥ó¥È¤È¤Ê¤ê¤Þ¤¹¡£
</Para>
<Para>
<!--O
In the second case, if you don't have NIS servers, then you will also
need a NIS server program (usually called ypserv). <XRef LinkEnd="ypserv">
describes how to set up a NIS server on your Linux machine using the "ypserv"
daemon.
-->
ÆóÈÖÌܤΥ±¡¼¥¹¡¢¤Ä¤Þ¤ê NIS ¥µ¡¼¥Ð¤¬¤Ê¤¤¾ì¹ç¤Ë¤Ï¡¢
NIS ¥µ¡¼¥Ð¥×¥í¥°¥é¥à (Ä̾ï¤Ï <command>ypserv</command>) ¤âɬÍפȤʤê¤Þ¤¹¡£
¤³¤Îʸ½ñ¤Î
<XRef LinkEnd="ypserv">
¤Ç¤Ï¡¢¤³¤Î <command>ypserv</command> ¥Ç¡¼¥â¥ó¤òÍѤ¤¤Æ
Linux ¥Þ¥·¥ó¤ò NIS ¥µ¡¼¥Ð¤ËÀßÄꤹ¤ëÊýË¡¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤Æ¤¤¤Þ¤¹¡£
</Para>
</Sect2>
<Sect2>
<!--O
<Title>The Software
-->
<Title>¥½¥Õ¥È¥¦¥§¥¢
<IndexTerm><Primary
>NIS!library requirements</Primary></IndexTerm>
</Title>
<Para>
<!--O
The system library "/usr/lib/libc.a" (version 4.4.2 and better) or the
shared library "/lib/libc.so.x" contain all necessary system calls to
succesfully compile the NIS client and server software. For the
GNU C Library 2 (glibc 2.x), you also need /lib/libnsl.so.1.
-->
¥Ð¡¼¥¸¥ç¥ó 4.4.2 °Ê¹ß¤Î¥·¥¹¥Æ¥à¥é¥¤¥Ö¥é¥ê
<filename>/usr/lib/libc.a</filename>
¤â¤·¤¯¤Ï¶¦Í¥é¥¤¥Ö¥é¥ê
<filename>/lib/libc.so.x</filename> ¤Ë¤Ï¡¢
NIS ¤Î¥¯¥é¥¤¥¢¥ó¥È¡¦¥µ¡¼¥Ð¥×¥í¥°¥é¥à¤Î¥³¥ó¥Ñ¥¤¥ë¤ËɬÍפʥ·¥¹¥Æ¥à¥³¡¼¥ë¤¬
¤¹¤Ù¤Æ´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£
GNU C Library 2 (glibc 2.x) ¤Ç¤Ï
<filename>/lib/libnsl.so.1</filename> ¤âɬÍפǤ¹¡£
</Para>
<Para>
<!--O
Some people reported that NIS only works with "/usr/lib/libc.a" version
4.5.21 and better so if you want to play it safe don't use older
libc's. The NIS client software can be obtained from:
-->
NIS ¤Ï <filename>/usr/lib/libc.a</filename> ¤Î¥Ð¡¼¥¸¥ç¥ó
4.5.21 °Ê¾å¤Ç¤·¤«Æ°¤«¤Ê¤¤¤È¤¤¤¦Êó¹ð¤¬¤¢¤ê¤Þ¤¹¤Î¤Ç¡¢
°ÂÁ´¤Î¤¿¤á¤Ë¤Ï¸Å¤¤¤â¤Î¤Ï»È¤ï¤Ê¤¤Êý¤¬Îɤ¤¤Ç¤·¤ç¤¦¡£
NIS ¤Î¥¯¥é¥¤¥¢¥ó¥È¥×¥í¥°¥é¥à¤Ï°Ê²¼¤ÇÆþ¼ê¤Ç¤¤Þ¤¹¡£
</Para>
<InformalTable frame=none>
<tgroup cols=2>
<thead>
<row>
<entry>Site and Directory</entry>
<entry>Filename</entry>
</row>
</thead>
<tbody>
<row>
<entry morerows=3><ULink URL="ftp://ftp.kernel.org/pub/linux/utils/net/NIS/"
>ftp.kernel.org:/pub/linux/utils/net/NIS</ULink></entry>
<entry>yp-tools-2.4.tar.gz</entry>
</row>
<row><entry>ypbind-mt-1.7.tar.gz</entry></row>
<row><entry>ypbind-3.3.tar.gz</entry></row>
<row><entry>ypbind-3.3-glibc5.diff.gz</entry></row>
</tbody>
</tgroup>
</InformalTable>
<Para>
<!--O
Once you obtained the software, please follow the instructions which
come with the software. yp-clients 2.2 are for use with libc4 and libc5
until 5.4.20. libc 5.4.21 and glibc 2.x needs yp-tools 1.4.1 or later.
The new yp-tools 2.4 should work with every Linux libc. Since there was
a bug in the NIS code, you shouldn't use libc 5.4.21-5.4.35. Use libc
5.4.36 or later instead, or the most YP programs will not work.
ypbind 3.3 will work with all libraries, too. If you use gcc 2.8.x or
greater, egcs or glibc 2.x, you should add the ypbind-3.3-glibc5.diff
patch to ypbind 3.3. If possible you should avoid the use of ypbind 3.3
for security reasons.
ypbind-mt is a new, multithreaded daemon. It needs a Linux 2.2 kernel
and glibc 2.1 or later.
-->
¥½¥Õ¥È¤ò¼ê¤ËÆþ¤ì¤¿¤é¡¢Æ±º¤µ¤ì¤Æ¤¤¤ëÀâÌÀ¤Ë¤·¤¿¤¬¤Ã¤Æ²¼¤µ¤¤¡£
yp-clients 2.2 ¤Ï libc4 ¤Þ¤¿¤Ï 5.4.20 ¤Þ¤Ç¤Î libc5 ¤È¶¦¤ËÍѤ¤¤Æ²¼¤µ¤¤¡£
libc 5.4.21 °Ê¹ß¤È glibc 2.x ¤Ë¤Ï yp-tools 1.4.1 °Ê¹ß¤¬É¬ÍפǤ¹¡£
¿·¤·¤¤ yp-tools ¤Î¥Ð¡¼¥¸¥ç¥ó 2.4 ¤Ï¡¢¤¹¤Ù¤Æ¤Î Linux libc ¤ÇÆ°ºî¤·¤Þ¤¹¡£
5.4.21 ¤«¤é 5.4.35 ¤Þ¤Ç¤Î libc ¤Ï¡¢
NIS ¤Î¥³¡¼¥É¤Ë¥Ð¥°¤¬¤¢¤ë¤Î¤Ç»È¤ï¤Ê¤¤Êý¤¬Îɤ¤¤Ç¤·¤ç¤¦¡£
libc 5.4.36 °Ê¹ß¤ò»È¤ï¤Ê¤¤¤È¡¢¤Û¤È¤ó¤É¤Î YP ¥×¥í¥°¥é¥à¤ÏÆ°ºî¤·¤Ê¤¤¤Ç¤·¤ç¤¦¡£
ypbind 3.3 ¤â¤¹¤Ù¤Æ¤Î¥é¥¤¥Ö¥é¥ê¤ÇÆ°ºî¤·¤Þ¤¹¡£
gcc 2.8.x °Ê¹ß¤« egcs¡¢ glibc 2.x ¤òÍøÍѤ·¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢
<filename>ypbind-3.3-glibc5.diff</filename> ¥Ñ¥Ã¥Á¤ò
ypbind 3.3 ¤ËÅö¤Æ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
¥»¥¥å¥ê¥Æ¥£¤ËÌäÂ꤬¤¢¤ë¤Î¤Ç¡¢
²Äǽ¤Ê¤é ypbind 3.3 ¤Ï»È¤ï¤Ê¤¤¤Û¤¦¤¬Îɤ¤¤Ç¤·¤ç¤¦¡£
ypbind-mt ¤Ï¡¢¿·¤·¤¯³«È¯¤µ¤ì¤¿¥Þ¥ë¥Á¥¹¥ì¥Ã¥É¤Î¥Ç¡¼¥â¥ó¤Ç¤¹¡£
¤³¤ì¤Ë¤Ï Linux 2.2 ¥«¡¼¥Í¥ë¤È glibc 2.1 °Ê¹ß¤¬É¬ÍפǤ¹¡£
</Para>
</Sect2>
</Sect1>
<Sect1 id="nis-client">
<!--O
<Title>Setting Up the NIS Client
-->
<Title>NIS ¥¯¥é¥¤¥¢¥ó¥È¤ÎÀßÄê
</Title>
<Sect2>
<!--O
<Title>The ypbind daemon
-->
<Title>ypbind ¥Ç¡¼¥â¥ó
<IndexTerm><Primary
>NIS!ypbind daemon</Primary></IndexTerm>
<IndexTerm><Primary
>ypbind NIS daemon</Primary></IndexTerm>
<IndexTerm><Primary
>daemon!ypbind</Primary></IndexTerm>
</Title>
<Para>
<!--O
After you have succesfully compiled the software you are now ready
to install it. A suitable place for the ypbind daemon is the directory
/usr/sbin. Some people may tell you that you don't need
ypbind on a system with NYS. This is wrong. ypwhich and ypcat need it
always.
-->
¥½¥Õ¥È¥¦¥§¥¢¤¬¤¦¤Þ¤¯¥³¥ó¥Ñ¥¤¥ë¤Ç¤¤¿¤é¥¤¥ó¥¹¥È¡¼¥ë¤·¤Þ¤·¤ç¤¦¡£
<command>ypbind</command> ¥Ç¡¼¥â¥ó¤Ï
<filename>/usr/sbin</filename>
¥Ç¥£¥ì¥¯¥È¥ê¤ËÆþ¤ì¤ë¤ÈÎɤ¤¤Ç¤·¤ç¤¦¡£
NYS ¤Î¥·¥¹¥Æ¥à¤Ç¤Ï
<command>ypbind</command> ¤ÏɬÍפʤ¤¤È¸À¤¦¿Í¤¬¤¤¤ë¤è¤¦¤Ç¤¹¤¬¡¢
¤³¤ì¤Ï´Ö°ã¤Ã¤Æ¤¤¤Þ¤¹¡£
<command>ypwhich</command> ¤È
<command>ypcat</command> ¤Ï¡¢
¤«¤Ê¤é¤º <command>ypbind</command> ¤òɬÍפȤ·¤Þ¤¹¡£
</Para>
<Para>
<!--O
You must do this as root of course. The other binaries (ypwhich,
ypcat, yppasswd, yppoll, ypmatch) should go in a directory accessible
by all users, normally /usr/bin.
-->
<filename>ypbind</filename>
¤Î¥¤¥ó¥¹¥È¡¼¥ë¤Ï¤â¤Á¤í¤ó¥¹¡¼¥Ñ¡¼¥æ¡¼¥¶¤Ç¹Ô¤¦É¬Íפ¬¤¢¤ê¤Þ¤¹¡£
¾¤Î¥Ð¥¤¥Ê¥ê (<filename>ypwhich</filename>,
<filename>ypcat</filename>,
<filename>yppoll</filename>,
<filename>ypmatch</filename>)
¤Ï¤¹¤Ù¤Æ¤Î¥æ¡¼¥¶¡¼¤«¤é¥¢¥¯¥»¥¹²Äǽ¤Ê¥Ç¥£¥ì¥¯¥È¥ê¤ËÃÖ¤¤Þ¤·¤ç¤¦¡£
Ä̾ï¤Ï
<filename>/usr/bin</filename>
¤¬Îɤ¤¤Ç¤·¤ç¤¦¡£
</Para>
<Para>
<!--O
Newer ypbind versions have a configuration file called /etc/yp.conf. You can
hardcode a NIS server there - for more info see the manual page for ypbind(8).
You also need this file for NYS.
An example:
-->
ºÇ¶á¤Î <command>ypbind</command> ¤Ë¤ÏÀßÄê¥Õ¥¡¥¤¥ë
<filename>/etc/yp.conf</filename> ¤¬¤¢¤ê¤Þ¤¹¡£
¤³¤³¤Ë NIS ¥µ¡¼¥Ð¤òľ¤Ë½ñ¤¤¤Æ¤ª¤¯¤³¤È¤â¤Ç¤¤Þ¤¹¡£
¾Ü¤·¤¯¤Ï ypbind(8) ¤Î¥Þ¥Ë¥å¥¢¥ë¤òÆɤó¤Ç²¼¤µ¤¤¡£
¤³¤Î¥Õ¥¡¥¤¥ë¤Ï NYS ¤Ç¤âɬÍפǤ¹¡£°Ê²¼¤ÏÎã¤Ç¤¹¡£
</Para>
<ProgramListing>
ypserver 10.10.0.1
ypserver 10.0.100.8
ypserver 10.3.1.1
</ProgramListing>
<Para>
<!--O
If the system cam resolv the hostnames without NIS, you may use
the name, otherwise you have to use the IP address. ypbind 3.3 has a bug
and will only use the last entry (ypserver 10.3.1.1 in the example). All
other entries are ignored. ypbind-mt handle this correct and uses
that one, which answerd at first.
-->
NIS ¤Ê¤·¤Ç¤â¥Û¥¹¥È̾¤Î²ò·è¤¬¤Ç¤¤ë¥·¥¹¥Æ¥à¤Ç¤Ï¡¢
IP ¥¢¥É¥ì¥¹¤Ç¤Ê¤¯Ì¾Á°¤òÍѤ¤¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
¤½¤¦¤Ç¤Ê¤±¤ì¤Ð IP ¥¢¥É¥ì¥¹¤òÍѤ¤¤Þ¤¹¡£
ypbind 3.3 ¤Ë¤Ï¥Ð¥°¤¬¤¢¤ê¡¢ºÇ¸å¤Î¥¨¥ó¥È¥ê
(¾åµ¤ÎÎã¤Ç¤Ï ypserver 10.3.1.1) ¤·¤«ÍѤ¤¤é¤ì¤º¡¢
¾¤ÏÁ´¤Æ̵»ë¤µ¤ì¤Þ¤¹¡£
ypbind-mt ¤Ç¤ÏÀµ¤·¤¯°·¤¦¤³¤È¤¬¤Ç¤¡¢
ºÇ½é¤ËÊÖ»ö¤·¤¿¥µ¡¼¥Ð¤¬ÍѤ¤¤é¤ì¤Þ¤¹¡£
</Para>
<Para>
<!--O
It might be a good idea to test ypbind before incorporating it in the
startup files. To test ypbind do the following:
-->
<command>ypbind</command>
¤ò¥¹¥¿¡¼¥È¥¢¥Ã¥×¥Õ¥¡¥¤¥ë¤ËÆþ¤ì¤ëÁ°¤Ë
¥Æ¥¹¥È¤·¤Æ¤ª¤¯¤³¤È¤ò¤ª´«¤á¤·¤Þ¤¹¡£
<command>ypbind</command>
¤Î¥Æ¥¹¥È¤Ï°Ê²¼¤Î¤è¤¦¤Ë¤·¤Æ¹Ô¤¤¤Þ¤¹¡£
</Para>
<Para>
<ItemizedList>
<ListItem>
<Para>
<!--O
Make sure you have your YP-domain name set. If it is not set then
issue the command:
-->
YP ¤Î¥É¥á¥¤¥ó¥Í¡¼¥à¤¬ÀßÄꤵ¤ì¤Æ¤¤¤ë¤³¤È¤ò³Îǧ¤·¤Æ²¼¤µ¤¤¡£
ÀßÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï°Ê²¼¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£
<Screen>
/bin/domainname nis.domain
</Screen>
<!--O
where <Literal remap="tt">nis.domain</Literal> should be some string _NOT_ normally
associated with the DNS-domain name of your machine! The reason for
this is that it makes it a little harder for external crackers
to retreive the password database from your NIS servers. If you
don't know what the NIS domain name is on your network, ask
your system/network administrator.
-->
<userinput>nis.domain</userinput>
¤ÏÄ̾ïŬÅö¤Êʸ»úÎó¤Ç¡¢
<emphasis>¤¢¤Ê¤¿¤Î¥Þ¥·¥ó¤Î
DNS ¥É¥á¥¤¥ó¥Í¡¼¥à¤È¤Ï°ã¤¦¤â¤Î¤Ë¤¹¤Ù¤</emphasis>¤Ç¤¹¡£
¤³¤¦¤·¤Æ¤ª¤±¤Ð¡¢³°Éô¤Î¥¯¥é¥Ã¥«¡¼¤¬¥µ¡¼¥Ð¤«¤é NIS
¥Ñ¥¹¥ï¡¼¥É¥Ç¡¼¥¿¥Ù¡¼¥¹¤òÅð¤ó¤Ç¤¤¤¯¤Î¤¬¤ï¤º¤«¤Ê¤¬¤éº¤Æñ¤Ë¤Ê¤ê¤Þ¤¹¡£
NIS ¥É¥á¥¤¥ó̾¤òÃΤé¤Ê¤¤¾ì¹ç¤Ï
¥·¥¹¥Æ¥à´ÉÍý¼Ô¤«¥Í¥Ã¥È¥ï¡¼¥¯´ÉÍý¼Ô¤Ë¿Ò¤Í¤Æ²¼¤µ¤¤¡£
</Para>
</ListItem>
<ListItem>
<Para>
<!--O
Start up "/usr/sbin/portmap" if it is not already running.
-->
<command>/usr/sbin/rpc.portmap</command> ¤¬µ¯Æ°¤µ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ðµ¯Æ°¤·¤Þ¤¹¡£
</Para>
</ListItem>
<ListItem>
<Para>
<!--O
Create the directory "/var/yp" if it does not exist.
-->
<filename>/var/yp</filename> ¤È¤¤¤¦¥Ç¥£¥ì¥¯¥È¥ê¤¬¤Ê¤±¤ì¤ÐºîÀ®¤·¤Þ¤¹¡£
</Para>
</ListItem>
<ListItem>
<Para>
<!--O
Start up "/usr/sbin/ypbind"
-->
<command>/usr/sbin/ypbind</command> ¤òµ¯Æ°¤·¤Þ¤¹¡£
</Para>
</ListItem>
<ListItem>
<Para>
<!--O
Use the command "rpcinfo -p localhost" to check if ypbind
was able to register its service with the portmapper. The
output should look like:
-->
ypbind ¤¬¥µ¡¼¥Ó¥¹ÆâÍƤò¥Ý¡¼¥È¥Þ¥Ã¥Ñ¤ËÅÐÏ¿¤Ç¤¤¿¤«¤É¤¦¤«³Î¤«¤á¤ë¤¿¤á¤Ë¡¢
<command>rpcinfo <option>-p</option> localhost</command>
¤È¤¤¤¦¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ²¼¤µ¤¤¡£
°Ê²¼¤Î¤è¤¦¤Ê½ÐÎϤ¬¸½¤ï¤ì¤ë¤Ï¤º¤Ç¤¹¡£
<Screen>
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100007 2 udp 637 ypbind
100007 2 tcp 639 ypbind
</Screen>
<!--O
or
-->
¤¢¤ë¤¤¤Ï»È¤Ã¤Æ¤¤¤ë¥Ð¡¼¥¸¥ç¥ó¤Ë¤è¤Ã¤Æ¤Ï
<Screen>
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100007 2 udp 758 ypbind
100007 1 udp 758 ypbind
100007 2 tcp 761 ypbind
100007 1 tcp 761 ypbind
</Screen>
<!--O
Depending on the ypbind version you are using.
-->
¤Î¤è¤¦¤Ë¤Ê¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
</Para>
</ListItem>
<ListItem>
<Para>
<!--O
You may also run "rpcinfo -u localhost ypbind". This command
should produce something like:
-->
<command>rpcinfo <option>-u</option> localhost ypbind</command>
¤â¼Â¹Ô¤·¤Æ¤ß¤Æ²¼¤µ¤¤¡£°Ê²¼¤Î¤è¤¦¤Êɽ¼¨¤¬½Ð¤ë¤Ï¤º¤Ç¤¹¡£
<Screen>
program 100007 version 2 ready and waiting
</Screen>
<!--O
or
-->
¤¢¤ë¤¤¤Ï¥¤¥ó¥¹¥È¡¼¥ë¤·¤¿ ypbind ¤Î¥Ð¡¼¥¸¥ç¥ó¤Ë¤è¤Ã¤Æ¤Ï
<Screen>
program 100007 version 1 ready and waiting
program 100007 version 2 ready and waiting
</Screen>
<!--O
The output depends on the ypbind version you have installed.
Important is only the "version 2" message.
-->
¤Î¤è¤¦¤Ê½ÐÎϤˤʤ뤫¤â¤·¤ì¤Þ¤»¤ó¡£
½ÅÍ×¤Ê¤Î¤Ï "version 2" ¤Î¥á¥Ã¥»¡¼¥¸¤À¤±¤Ç¤¹¡£
</Para>
</ListItem>
</ItemizedList>
</Para>
<Para>
<!--O
At this point you should be able to use NIS client programs like ypcat,
etc... For example, "ypcat passwd.byname" will give you the entire NIS
password database.
-->
¤³¤³¤Þ¤ÇÍè¤ì¤Ð <command>ypcat</command>
¤Î¤è¤¦¤Ê NIS ¥¯¥é¥¤¥¢¥ó¥È¥×¥í¥°¥é¥à¤ò¼Â¹Ô¤Ç¤¤ë¤Ï¤º¤Ç¤¹¡£
Î㤨¤Ð NIS ¤Î¥Ñ¥¹¥ï¡¼¥É¥Ç¡¼¥¿¥Ù¡¼¥¹¤ò»²¾È¤·¤¿¤¤¾ì¹ç¤Ë¤Ï¡¢
<command>ypcat <replaceable>passwd.byname</replaceable></command>
¤È¤·¤Þ¤¹¡£
</Para>
<!--O
<Para>
IMPORTANT: If you skipped the test procedure then make sure you have set
the domain name, and created the directory
</Para>
<Para>
<Screen>
/var/yp
</Screen>
</Para>
<Para>
This directory MUST exist for ypbind to start up succesfully.
</Para>
-->
<Para>
½ÅÍ×: ¤â¤·¾å½Ò¤Î <command>ypbind</command> ¤Î¥Æ¥¹¥È¤ò¾Êά¤·¤¿¾ì¹ç¡¢
¾¯¤Ê¤¯¤È¤â¥É¥á¥¤¥ó¥Í¡¼¥à¤¬ÀßÄꤷ¤Æ¤¢¤ë¤³¤È¤È
<filename>/var/yp</filename>
¤È¤¤¤¦Ì¾Á°¤Î¥Ç¥£¥ì¥¯¥È¥ê¤¬ºî¤Ã¤Æ¤¢¤ë¤³¤È¤ò³Îǧ¤·¤Æ²¼¤µ¤¤¡£
<filename>/var/yp</filename> ¤¬¤Ê¤¤¤È
<command>ypbind</command> ¤ÏÀµ¾ï¤Ëµ¯Æ°¤Ç¤¤Þ¤»¤ó¡£
</Para>
<Para>
<!--O
To check if the domainname is set correct, use the /bin/ypdomainname from
yp-tools 2.2. It uses the yp_get_default_domain() function which is more
restrict. It doesn't allow for example the "(none)" domainname, which
is the default under Linux and makes a lot of problems.
-->
¥É¥á¥¤¥ó¥Í¡¼¥à¤ÎÀßÄ꤬Àµ¤·¤¤¤«¤É¤¦¤«¤ò¥Á¥§¥Ã¥¯¤¹¤ë¤Ë¤Ï¡¢
yp-tools 2.2 ¤Î
<command>/bin/ypdomainname</command> ¤ò»È¤Ã¤Æ²¼¤µ¤¤¡£
¤³¤Î¥×¥í¥°¥é¥à¤Ï
yp_get_default_domain() ´Ø¿ô¤ò»È¤¦¤Î¤Ç¡¢
¤è¤ê¸·¤·¤¤¥Á¥§¥Ã¥¯¤¬¤Ç¤¤Þ¤¹¡£
Î㤨¤Ð Linux ¤Ç¥Ç¥Õ¥©¥ë¥È¤Ë¤Ê¤Ã¤Æ¤¤¤ë
(¤½¤·¤Æ¿¤¯¤ÎÌäÂê¤Î¸¶°ø¤Ë¤Ê¤Ã¤Æ¤¤¤ë)
"(none)" ¤Î¤è¤¦¤Ê¥É¥á¥¤¥ó̾¤Ï¡¢
¤³¤Î¥×¥í¥°¥é¥à¤Ç¤Ïµö²Ä¤µ¤ì¤Þ¤»¤ó¡£
</Para>
<Para>
<!--O
If the test worked you may now want to change your startupd files
so that ypbind will be started at boot time and your system will
act as a NIS client. Make sure that the domainname will
be set before you start ypbind.
-->
¥Æ¥¹¥È¤¬¤¦¤Þ¤¯¤¤¤Ã¤¿¤é¥¹¥¿¡¼¥È¥¢¥Ã¥×¥Õ¥¡¥¤¥ë¤òÊѹ¹¤·¤Æ¡¢¥Ö¡¼¥È»þ¤Ë
<command>ypbind</command> ¤¬µ¯Æ°¤µ¤ì¤ë¤è¤¦¤Ë¤·¤Æ¤ª¤¯¤ÈÎɤ¤¤Ç¤·¤ç¤¦¡£
¼«Æ°Åª¤Ë NIS ¥¯¥é¥¤¥¢¥ó¥È¤È¤·¤Æ¤Î³èÆ°¤¬³«»Ï¤µ¤ì¤Þ¤¹¡£
<command>ypbind</command> ¤Îµ¯Æ°Á°¤Ë¡¢
¥É¥á¥¤¥ó¥Í¡¼¥à¤¬ÀßÄꤵ¤ì¤ë¤è¤¦¤Ë¤¹¤ë¤Î¤â˺¤ì¤Ê¤¤¤³¤È¡£
</Para>
<Para>
<!--O
Well, that's it. Reboot the machine and watch the boot messages to see
if ypbind is actually started.
-->
°Ê¾å¤ÇÀßÄê¤Ï½ªÎ»¤·¤Þ¤·¤¿¡£¥ê¥Ö¡¼¥È¤·¤Æ¡¢¥Ö¡¼¥È¥á¥Ã¥»¡¼¥¸¤Ç
<command>ypbind</command> ¤¬Àµ¾ï¤ËÆ°ºî¤·¤Æ¤¤¤ë¤«¤É¤¦¤«³Îǧ¤·¤Æ²¼¤µ¤¤¡£
</Para>
</Sect2>
<Sect2>
<!--O
<Title>Setting up a NIS Client using Traditional NIS
-->
<Title>trad-NIS ¤òÍѤ¤¤¿ NIS ¥¯¥é¥¤¥¢¥ó¥È¤ò¥»¥Ã¥È¥¢¥Ã¥×¤¹¤ë
<IndexTerm><Primary
>NIS!client setup</Primary></IndexTerm>
</Title>
<Para>
<!--O
For host lookups you must set (or add) "nis" to the lookup order line
in your /etc/host.conf file. Please read the manpage "resolv+.8" for
more details.
-->
¥Û¥¹¥È¤Î̾Á°²ò·è¤Ë NIS ¤òÍѤ¤¤ë¤Ë¤Ï¡¢
<filename>/etc/host.conf</filename> ¥Õ¥¡¥¤¥ë¤Ç²ò·è½ç¤ò»ØÄꤹ¤ë¹Ô¤Ë
"nis" ¤ò»ØÄê (¤Þ¤¿¤ÏÄɲÃ) ¤·¤Æ²¼¤µ¤¤¡£
¾ÜºÙ¤ËÉÕ¤¤¤Æ¤Ï resolv+(8) ¤Î¥Þ¥Ë¥å¥¢¥ë¤òÆɤó¤Ç²¼¤µ¤¤¡£
</Para>
<Para>
<!--O
Add the following line to /etc/passwd on your NIS clients:
-->
°Ê²¼¤Î¹Ô¤ò NIS ¥¯¥é¥¤¥¢¥ó¥È¤Î
<filename>/etc/passwd</filename> ¤ËÄɲ䷤Ʋ¼¤µ¤¤¡£
</Para>
<Para>
<ProgramListing>
+::::::
</ProgramListing>
</Para>
<Para>
<!--O
You can also use the + and - characters to include/exclude or change
users. If you want to exclude the user guest just add -guest to your
/etc/passwd file. You want to use a different shell (e.g. ksh) for
the user "linux"? No problem, just add "+linux::::::/bin/ksh"
(without the quotes) to your /etc/passwd. Fields that you don't want
to change have to be left empty. You could also use Netgroups for
user control.
-->
+ ¤ä - ¤È¤¤¤Ã¤¿Ê¸»ú¤ò»È¤¨¤Ð¡¢
¥æ¡¼¥¶¡¼¤òÄɲÃ/ºï½ü¤·¤¿¤ê¾õÂÖ¤òÊѹ¹¤·¤¿¤ê¤Ç¤¤Þ¤¹¡£
Î㤨¤Ð¥æ¡¼¥¶ guest ¤òºï½ü¤·¤¿¤¤¤Ê¤é
<filename>/etc/passwd</filename> ¥Õ¥¡¥¤¥ë¤Ë -guest ¤òÄɲ乤ì¤Ð OK ¤Ç¤¹¡£
¥æ¡¼¥¶ "linux" ¤Ë°ã¤Ã¤¿¥·¥§¥ë (Î㤨¤Ð ksh) ¤ò»È¤ï¤»¤¿¤¤¤Ç¤¹¤Ã¤Æ¡©
Âç¾æÉס¢"+linux::::::/bin/ksh" ¤ò
<filename>/etc/passwd</filename> ¤ËÄɲ乤ë¤À¤±¤Ç¤¹ (°úÍÑÉä¤Ï¼è¤Ã¤Æ²¼¤µ¤¤)¡£
Êѹ¹¤·¤¿¤¯¤Ê¤¤¥Õ¥£¡¼¥ë¥É¤Ï¶õ¤Î¤Þ¤Þ¤Ë¤·¤Æ¤ª¤¯É¬Íפ¬¤¢¤ê¤Þ¤¹¡£
¥æ¡¼¥¶¤Î¥³¥ó¥È¥í¡¼¥ë¤Ë¤Ï¥Í¥Ã¥È¥°¥ë¡¼¥×¤òÍѤ¤¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£
</Para>
<Para>
<!--O
For example, to allow login-access only to miquels, dth and ed, and
all members of the sysadmin netgroup, but to have the account data
of all other users available use:
-->
Î㤨¤Ð¡Ö¥í¥°¥¤¥ó¥¢¥¯¥»¥¹¤ò miquiels, dth, ed ¤È¥Í¥Ã¥È¥°¥ë¡¼¥× sysadmin
¤Î¥á¥ó¥Ð¡¼¤À¤±¤Ë¸Â¤ê¤¿¤¤¤¬¡¢¥¢¥«¥¦¥ó¥È¥Ç¡¼¥¿¤Ï¾¤Î¥æ¡¼¥¶Á´°÷ʬ¤¬É¬Íס×
¤È¤¤¤¦¤è¤¦¤Ê¾ì¹ç¤Ï°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
</Para>
<Para>
<ProgramListing>
+miquels:::::::
+ed:::::::
+dth:::::::
+@sysadmins:::::::
-ftp
+:*::::::/etc/NoShell
</ProgramListing>
</Para>
<Para>
<!--O
Note that in Linux you can also override the password field, as we did
in this example. We also remove the login "ftp", so it isn't known any
longer, and anonymous ftp will not work.
-->
Linux ¤Ç¤Ï¥Ñ¥¹¥ï¡¼¥É¤Î¥Õ¥£¡¼¥ë¥É¤â¾å½ñ¤¤Ç¤¤ë¤³¤È¤ËÃí°Õ¤·¤Æ²¼¤µ¤¤¡£¤ä
¤êÊý¤Ïº£¤ÎÎã¤ÈÁ´¤¯Æ±¤¸¤Ç¤¹¡£¤³¤ÎÎã¤Ç¤Ï "ftp" ¤Î¥í¥°¥¤¥ó¤â
ºï½ü¤·¤Æ¤¤¤Þ¤¹¡£½¾¤Ã¤Æ¤³¤Î¥æ¡¼¥¶¤Ï¸ºß¤·¤Ê¤¯¤Ê¤ê¡¢
anonymous ftp ¤Ïµ¡Ç½¤·¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£
</Para>
<Para>
<!--O
The netgroup would look like
-->
<filename>/etc/netgroup</filename>
¥Õ¥¡¥¤¥ë¤Ï°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤È»×¤¤¤Þ¤¹¡£
</Para>
<ProgramListing>
sysadmins (-,software,) (-,kukuk,)
</ProgramListing>
<Para>
<!--O
IMPORTANT: The netgroup feature is implemented starting from libc 4.5.26.
If you have a version of libc earlier than 4.5.26, every user in the
NIS password database can access your linux machine if you run "ypbind" !
-->
½ÅÍס§¥Í¥Ã¥È¥°¥ë¡¼¥×¤Îµ¡Ç½¤Ï libc 4.5.26 ¤«¤é¼ÂÁõ¤µ¤ì¤Þ¤·¤¿¡£ 4.5.26
°ÊÁ°¤Î libc ¤ò»È¤Ã¤Æ¤¤¤ë Linux ¥Þ¥·¥ó¤Ç
<command>ypbind</command> ¤ò¼Â¹Ô¤¹¤ë¤È¡¢
NIS ¤Î¥Ñ¥¹¥ï¡¼¥É¥Ç¡¼¥¿¥Ù¡¼¥¹¤Ë¥¨¥ó¥È¥ê¤ò»ý¤Ä¤¹¤Ù¤Æ¤Î¥æ¡¼¥¶¤Ï
¤½¤Î¥Þ¥·¥ó¤Ë¥¢¥¯¥»¥¹¤Ç¤¤Æ¤·¤Þ¤¤¤Þ¤¹¡ª
</Para>
</Sect2>
<Sect2>
<!--O
<Title>Setting up a NIS Client using NYS
-->
<Title> NYS ¤òÍѤ¤¤¿ NIS ¥¯¥é¥¤¥¢¥ó¥È¤ò¥»¥Ã¥È¥¢¥Ã¥×¤¹¤ë
<IndexTerm><Primary
>NYS!client setup</Primary></IndexTerm>
</Title>
<Para>
<!--O
All that is required is that the NIS configuration file
(/etc/yp.conf) points to the correct server(s) for its information.
Also, the Name Services Switch configuration file (/etc/nsswitch.conf)
must be correctly set up.
-->
ɬÍ×¤Ê¤Î¤Ï NIS ¤ÎÀßÄê¥Õ¥¡¥¤¥ë (<filename>/etc/yp.conf</filename>)
¤ÇÀµ¤·¤¤¥µ¡¼¥Ð(·²)¤«¤é¾ðÊó¤ò¤â¤é¤¨¤ë¤è¤¦¤Ë¤·¤Æ¤ª¤¯¤³¤È¡¢
¤½¤·¤Æ¥Í¡¼¥à¥µ¡¼¥Ó¥¹¥¹¥¤¥Ã¥Á¤ÎÀßÄê¥Õ¥¡¥¤¥ë
(<filename>/etc/nsswitch.conf</filename>) ¤òÀµ¤·¤¯ÀßÄꤹ¤ë¤³¤È¤Ç¤¹¡£
</Para>
<Para>
<!--O
You should install ypbind. It isn't needed by the libc, but the NIS(YP)
tools need it.
-->
<filename>ypbind</filename> ¤â¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¤ª¤¤Þ¤·¤ç¤¦¡£
libc ¤Ë¤ÏɬÍפ¢¤ê¤Þ¤»¤ó¤¬¡¢
NIS(YP) ¤Î³Æ¥Ä¡¼¥ë¤Ë¤Ï¤³¤ì¤¬É¬Íפˤʤê¤Þ¤¹¡£
</Para>
<Para>
<!--O
If you wish to use the include/exclude user feature (+/-guest/+@admins),
you have to use "passwd: compat" and "group: compat" in nsswitch.conf.
Note that there is no "shadow: compat"! You have to
use "shadow: files nis" in this case.
-->
¥æ¡¼¥¶¤ÎÄɲá¦ÇÓ½üµ¡Ç½ (+/-guest/+@admins) ¤òÍѤ¤¤¿¤¤¾ì¹ç¤Ï¡¢
"passwd: compat" ¤È "group: compat" ¤ò
<filename>nsswitch.conf</filename> ¤Ç»ØÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
"shadow: compat" ¤È¤¤¤¦»ØÄê¤Ï¤¢¤ê¤Þ¤»¤ó¡£
¤³¤Î¾ì¹ç¤Ï "shadow: files nis" ¤Î¤è¤¦¤Ë¤·¤Æ²¼¤µ¤¤¡£
</Para>
<Para>
<!--O
The NYS sources are part of the libc 5 sources. When run configure,
say the first time "NO" to the "Values correct" question,
then say "YES" to "Build a NYS libc from nys".
-->
NYS ¤Î¥½¡¼¥¹¤Ï libc 5 ¤Î¥½¡¼¥¹¤ËƱº¤µ¤ì¤Æ¤¤¤Þ¤¹¡£ configure ¤ò¼Â¹Ô¤·¡¢
"Values correct" ¤ÎÌ䤤¤ËÂФ·¤Æ°ìÅÙÌÜ¤Ï "NO" ¤ÈÅú¤¨¤Æ²¼¤µ¤¤¡£¤½¤·¤Æ
"Build a NYS libc from nys" ¤ËÂФ·¤Æ "YES" ¤ÈÅú¤¨¤Æ²¼¤µ¤¤¡£
</Para>
</Sect2>
<Sect2>
<!--O
<Title>Setting up a NIS Client using glibc 2.x
-->
<Title>glibc 2.x ¤òÍѤ¤¤¿ NIS ¥¯¥é¥¤¥¢¥ó¥È¤ò¥»¥Ã¥È¥¢¥Ã¥×¤¹¤ë
<IndexTerm><Primary
>NIS!client setup!using glibc 2.x</Primary></IndexTerm>
</Title>
<Para>
<!--O
The glibc uses "traditional NIS", so you need to start ypbind. The
Name Services Switch configuration file (/etc/nsswitch.conf) must be
correctly set up. If you use the compat mode for passwd, shadow or group,
you have to add the "+" at the end of this files and you can use
the include/exclude user feature. The configuration is excatly the same
as under Solaris 2.x.
-->
glibc ¤Ï trad-NIS ¤òÍøÍѤ·¤Þ¤¹¡£½¾¤Ã¤Æ ypbind ¤òµ¯Æ°¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
¤Þ¤¿¥Í¡¼¥à¥µ¡¼¥Ó¥¹¥¹¥¤¥Ã¥Á¤ÎÀßÄê¥Õ¥¡¥¤¥ë
(<filename>/etc/nsswitch.conf</filename>)
¤âÀµ¤·¤¯ÀßÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
passwd/, shadow, group ¤Ë
compat ¥â¡¼¥É¤ò»È¤¦¾ì¹ç¤Ï¡¢¤³¤ì¤é¤Î¥Õ¥¡¥¤¥ë¤ÎºÇ¸å¤Ë
"+" ¤òÄɲ乤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
¥æ¡¼¥¶¤ÎÄɲᦺï½üµ¡Ç½¤òÍѤ¤¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£
ÀßÄê¤Ï Solaris 2.x ¤Î¤â¤Î¤È¤Þ¤Ã¤¿¤¯Æ±¤¸¤Ç¤¹¡£
</Para>
</Sect2>
<Sect2>
<!--O
<Title>The nsswitch.conf File
-->
<Title>nsswitch.conf ¥Õ¥¡¥¤¥ë
<IndexTerm><Primary
>nsswitch.conf file</Primary></IndexTerm>
<IndexTerm><Primary
>NIS!nsswitch.conf file</Primary></IndexTerm>
</Title>
<Para>
<!--O
The Network Services switch file /etc/nsswitch.conf determines the
order of lookups performed when a certain piece of information is
requested, just like the /etc/host.conf file which determines the way
host lookups are performed. For example, the line
-->
¥Í¥Ã¥È¥ï¡¼¥¯¥µ¡¼¥Ó¥¹¥¹¥¤¥Ã¥Á¤Î¥Õ¥¡¥¤¥ë
<filename>/etc/nsswitch.conf</filename> ¤Ï¡¢
¾ðÊó¤Ø¤Î¥¢¥¯¥»¥¹Í׵᤬Í褿¤È¤¤Ë¹Ô¤¦¸¡º÷¤Î½çÈÖ¤ò·èÄꤹ¤ë¤â¤Î¤Ç¤¹¡£
¥Û¥¹¥È̾¤Î¸¡º÷¤ÇÍѤ¤¤é¤ì¤ë
<filename>/etc/host.conf</filename> ¥Õ¥¡¥¤¥ë¤È»÷¤Æ¤¤¤Þ¤¹¡£
Î㤨¤Ð¤³¤Î¥Õ¥¡¥¤¥ë¤Ë¤ª¤¤¤Æ
</Para>
<ProgramListing>
hosts: files nis dns
</ProgramListing>
<Para>
<!--O
specifies that host lookup functions should first look in the local
/etc/hosts file, followed by a NIS lookup and finally through the domain
name service (/etc/resolv.conf and named), at which point if no match
is found an error is returned. This file must be readable for every
user! You can find more information in the man-page nsswitch.5
or nsswitch.conf.5.
-->
¤È»ØÄꤹ¤ì¤Ð¡¢¥Û¥¹¥È̾¤Î¸¡º÷µ¡Ç½¤Ï¤Þ¤º¥í¡¼¥«¥ë¤Î
<filename>/etc/hosts</filename> ¥Õ¥¡¥¤¥ë¤òõ¤·¡¢
¼¡¤Ë NIS¡¢¤½¤·¤Æ¥É¥á¥¤¥ó¥Í¡¼¥à¥µ¡¼¥Ó¥¹
(<filename>/etc/resolv.conf</filename> ¤È
<application>named</application>) ¤È¤¤¤¦½çÈ֤Ǹ¡º÷¤ò¹Ô¤¤¤Þ¤¹¡£
ºÇ¸å¤Þ¤Ç¥Þ¥Ã¥Á¤¹¤ë¤â¤Î¤¬¤Ê¤±¤ì¤Ð¡¢
¥¨¥é¡¼¤¬ÊÖ¤µ¤ì¤ë¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£¤³¤Î¥Õ¥¡¥¤¥ë¤ÏÁ´¤Æ¤Î¥æ¡¼¥¶¤«¤é
Æɤ߼è¤ê²Äǽ¤Ç¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡ª¤è¤ê¾ÜºÙ¤Ê¾ðÊó¤Ï nsswitch.5 ¤«
nsswitch.conf.5 ¤Î¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤ò¸«¤Æ¤¯¤À¤µ¤¤¡£
</Para>
<Para>
<!--O
A good /etc/nsswitch.conf file for NIS is:
-->
NIS ÍѤΠ<filename>/etc/nsswitch.conf</filename> ¥Õ¥¡¥¤¥ë¤È¤·¤Æ¤Ï¡¢
°Ê²¼¤Î¤è¤¦¤Ê¤â¤Î¤¬Îɤ¤¤Ç¤·¤ç¤¦¡£
</Para>
<ProgramListing>
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the /var/db databases
# [NOTFOUND=return] Stop searching if not found so far
#
passwd: compat
group: compat
# For libc5, you must use shadow: files nis
shadow: compat
passwd_compat: nis
group_compat: nis
shadow_compat: nis
hosts: nis files dns
services: nis [NOTFOUND=return] files
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
ethers: nis [NOTFOUND=return] files
netmasks: nis [NOTFOUND=return] files
netgroup: nis
bootparams: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
automount: files
aliases: nis [NOTFOUND=return] files
</ProgramListing>
<Para>
<!--O
passwd_compat, group_compat and shadow_compat are only supported by glibc 2.x.
If there are no shadow rules in /etc/nsswitch.conf, glibc will use the passwd
rule for lookups. There are some more lookup module for glibc like hesoid.
For more information, read the glibc documentation.
-->
passwd_compat, group_compat, shadow_compat ¤Ï
glibc 2.x ¤Ç¤Î¤ß¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
<filename>/etc/nsswitch.conf</filename>
¤Ë shadow ¥ë¡¼¥ë¤¬¤Ê¤±¤ì¤Ð¡¢
glibc ¤Ï¥Ñ¥¹¥ï¡¼¥É¤Î¸¡º÷¤Ë passwd ¥ë¡¼¥ë¤òÍѤ¤¤Þ¤¹¡£
glibc ÍѤθ¡º÷¥â¥¸¥å¡¼¥ë¤È¤·¤Æ¡¢ hesoid ¤Î¤è¤¦¤Ê¤â¤Î¤â¸ºß¤·¤Æ¤¤¤Þ¤¹¡£
¤³¤ì¤Ë¤Ä¤¤¤Æ¤Ï glibc ¤Îʸ½ñ¤òÆɤó¤Ç¤¯¤À¤µ¤¤¡£
</Para>
</Sect2>
<Sect2>
<!--O
<Title>Shadow Passwords with NIS
-->
<Title>Shadow ¥Ñ¥¹¥ï¡¼¥É¤È NIS
<IndexTerm><Primary
>NIS!shadow passwords</Primary></IndexTerm>
</Title>
<Para>
<!--O
Shadow passwords over NIS are always a bad idea. You loose the security,
which shadow gives you, and it is supported by only some few Linux C
Libraries. A good way to avoid shadow passwords over NIS is,
to put only the local system users in /etc/shadow. Remove the NIS user
entries from the shadow database, and put the password back in passwd.
So you can use shadow for the root login, and normal passwd for NIS
user. This has the advantage that it will work with every NIS client.
-->
NIS ¤Ë shadow ¥Ñ¥¹¥ï¡¼¥É¤òήÄ̤µ¤»¤ë¤Î¤ÏÎɤ¤¹Í¤¨¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
shadow ¥·¥¹¥Æ¥à¤Î¥á¥ê¥Ã¥È¤Ç¤¢¤ë¥»¥¥å¥ê¥Æ¥£¤¬¼º¤ï¤ì¤Æ¤·¤Þ¤¦¤«¤é¤Ç¤¹¡£
¤½¤ì¤Ë¤³¤ì¤¬¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤ë Linux C ¥é¥¤¥Ö¥é¥ê¤Ï¾¯¿ô¤Ë²á¤®¤Þ¤»¤ó¡£
NIS ¾å¤Ë shadow ¤òή¤µ¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤Ë¤Ï¡¢
¥í¡¼¥«¥ë¥·¥¹¥Æ¥à¤Î¥æ¡¼¥¶¤À¤±¤ò
<filename>/etc/shadow</filename> ¤ËÅÐÏ¿¤¹¤ë¤³¤È¤Ç¤¹¡£
NIS ¤Ëή¤¹¥æ¡¼¥¶¥¨¥ó¥È¥ê¤ò shadow ¥Ç¡¼¥¿¥Ù¡¼¥¹¤«¤éºï½ü¤·¡¢
¤½¤ì¤é¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï passwd ¤Ë½ñ¤¤¤Æ²¼¤µ¤¤¡£
¤³¤¦¤¹¤ì¤Ð root ¥í¥°¥¤¥ó¤Ë¤Ï shadow ¤ò¡¢
°ìÈ̤ΠNIS ¥æ¡¼¥¶¤Ë¤Ï passwd ¤òÍѤ¤¤ë¤³¤È¤¬¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
¤³¤ÎÊýË¡¤Ê¤é¡¢¤¹¤Ù¤Æ¤Î NIS ¥¯¥é¥¤¥¢¥ó¥È¤Ç¤¦¤Þ¤¯Æ°ºî¤·¤Þ¤¹¡£
</Para>
<Sect3>
<Title>Linux</Title>
<Para>
<!--O
The only Linux libc which supports shadow passwords over NIS, is the
GNU C Library 2.x. Linux libc5 has no support for it. Linux
libc5 compiled with NYS enabled has some code for it. But this code
is badly broken in some cases and doesn't work with all correct
shadow entries.
-->
NIS ¤Ç shadow ¥Ñ¥¹¥ï¡¼¥É¤òÍѤ¤¤ë¤³¤È¤¬¤Ç¤¤ëÍ£°ì¤Î Linux libc ¤Ï
GNU C Library 2.x ¤Ç¤¹¡£ Linux libc5 ¤Ï¤³¤ì¤ò¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó¡£
Linux libc5 ¤ò NYS ¤È°ì½ï¤Ë¥³¥ó¥Ñ¥¤¥ë¤·¤¿¾ì¹ç¤Ï¡¢
¿¾¯¤Î¥³¡¼¥É¤¬´Þ¤Þ¤ì¤ë¤³¤È¤Ë¤Ï¤Ê¤ê¤Þ¤¹¡£
¤Ç¤â¤³¤Î¥³¡¼¥É¤Ï¾õ¶·¤Ë¤è¤Ã¤Æ¤Ï¤Ò¤É¤¯²õ¤ì¤Æ¤·¤Þ¤¤¡¢
shadow ¥¨¥ó¥È¥ê¤¬Á´¤ÆÀµ¤·¤¤¾ì¹ç¤Ç¤âÆ°ºî¤·¤Ê¤¤¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£
</Para>
</Sect3>
<Sect3>
<Title>Solaris</Title>
<Para>
<!--O
Solaris does not support shadow passwords over NIS.
-->
Solaris ¤Ï NIS ¾å¤Ç¤Î shadow ¥Ñ¥¹¥ï¡¼¥É¤ò¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó¡£
</Para>
</Sect3>
<Sect3>
<Title>PAM
<IndexTerm><Primary
>PAM!shadow passwords</Primary></IndexTerm>
</Title>
<Para>
<!--O
PAM does not support Shadow passwords over NIS, especially
pam_pwdb/libpwdb. This is a big problem for RedHat 5.x users. If you
have glibc and PAM, you need to change the /etc/pam.d/* entries.
Replace all pam_pwdb rules through pam_unix_*
modules. Due a bug in the pam_unix_auth.so module this will not always
work.
-->
PAM ¤Ï NIS ¾å¤Ç¤Î shadow ¥Ñ¥¹¥ï¡¼¥É¤ò¥µ¥Ý¡¼¥È¤·¤Þ¤»¤ó¡£
ÆÃ¤Ë pam_pwdb/libpwdb ¤¬¤À¤á¤Ê¤ó¤Ç¤¹¡£
¤³¤ì¤Ï RedHat 5.x ¥æ¡¼¥¶¤Ë¤È¤Ã¤ÆÂ礤ÊÌäÂê¤Ç¤¹¡£
glibc ¤È PAM ¤ò»È¤Ã¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢
/etc/pam.d/* ¤Î¥¨¥ó¥È¥ê¤òÊѹ¹¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
pam_unix_* ¥â¥¸¥å¡¼¥ë¤Ë¤¢¤ë
pam_pwdb ¤Î¥ë¡¼¥ë¤òÃÖ¤´¹¤¨¤Æ²¼¤µ¤¤¡£
¤·¤«¤· pam_unix_auth.so ¥â¥¸¥å¡¼¥ë¤Ë¤Ï¥Ð¥°¤¬¤¢¤ë¤Î¤Ç¡¢
¤³¤ì¤Ïɬ¤ºÆ°ºî¤¹¤ë¤È¤Ï¸Â¤ê¤Þ¤»¤ó¡£
</Para>
<Para>
<!--O
An example /etc/pam.d/login file looks like:
-->
<filename>/etc/pam.d/login</filename> ¤ÎÎã¤ò°Ê²¼¤Ë¤¢¤²¤Þ¤¹¡£
</Para>
<ProgramListing>
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_unix.so
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_unix.so
session required /lib/security/pam_unix.so
</ProgramListing>
</Sect3>
</Sect2>
</Sect1>
<Sect1 id="nisplus-setup">
<!--O
<Title>What do you need to set up NIS+ ?</Title>
-->
<Title>NIS+ ¤ÎÀßÄê</Title>
<Sect2>
<!--O
<Title>The Software
-->
<Title>¥½¥Õ¥È¥¦¥§¥¢
<IndexTerm><Primary
>NIS+!software required</Primary></IndexTerm>
</Title>
<Para>
<!--O
The Linux NIS+ client code was developed for the GNU C library 2.
There is also a port for Linux libc5, since most commercial Applications
are linked against this library, and you cannot recompile them for
using glibc. There are problems with libc5 and NIS+:
static programs cannot be linked with it, and programs compiled
with this library will
not work with other libc5 versions.
-->
Linux ¤Î NIS+ ¥¯¥é¥¤¥¢¥ó¥È¥³¡¼¥É¤Ï GNU C ¥é¥¤¥Ö¥é¥ê¤Î¥Ð¡¼¥¸¥ç¥ó 2 ÍѤË
³«È¯¤µ¤ì¤Æ¤¤Þ¤·¤¿¡£¤³¤ì¤ò libc5 ¤Ø°Ü¿¢¤·¤¿¤â¤Î¤â¤¢¤ê¤Þ¤¹¡£
¾¦ÍÑ¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¤Û¤È¤ó¤É¤Ï libc5 ¤Ë¥ê¥ó¥¯¤µ¤ì¤Æ¤¤¤Þ¤¹¤·¡¢
¤³¤ì¤é¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ò glibc ¸þ¤±¤ËºÆ¥³¥ó¥Ñ¥¤¥ë¤¹¤ë¤³¤È¤Ï¤Ç¤¤Þ¤»¤ó¤«¤é¡£
¤¿¤À¤· libc5 ¤È NIS+ ¤òƱ»þ¤Ë»È¤¦ºÝ¤Ë¤ÏÌäÂ꤬¤¢¤ê¤Þ¤¹¡£
¥¹¥¿¥Æ¥£¥Ã¥¯¤Ê¥×¥í¥°¥é¥à¤Ï libc5 ¤Ë¥ê¥ó¥¯¤¹¤ë¤³¤È¤Ï¤Ç¤¤Þ¤»¤ó¤·¡¢
¤³¤Î¥é¥¤¥Ö¥é¥ê¤Ç¥³¥ó¥Ñ¥¤¥ë¤·¤¿¥×¥í¥°¥é¥à¤Ï
¾¤Î¥Ð¡¼¥¸¥ç¥ó¤Î libc5 ¤Ç¤ÏÆ°ºî¤·¤Þ¤»¤ó¡£
</Para>
<Para>
<!--O
You need to retrieve and compile the GNU C Library 2.1 for Intel
based platforms, or GNU C Library 2.1.1 for 64bit platforms.
As base System you need a glibc based Distribution like Debian,
RedHat or SuSE Linux.
-->
GNU C Library 2.1 ¤ò¼ê¤ËÆþ¤ì¡¢¥³¥ó¥Ñ¥¤¥ë¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
64bit ¥×¥é¥Ã¥È¥Õ¥©¡¼¥à¤Ê¤é GNU C Library 2.1.1 ¤Ç¤¹¡£
¥Ù¡¼¥¹¤Î¥·¥¹¥Æ¥à¤È¤·¤Æ¡¢ glibc ¥Ù¡¼¥¹¤ÎÇÛÉۥѥ屡¼¥¸¤â
ɬÍפˤʤê¤Þ¤¹¡£ Debian, RedHat, SuSE Linux ¤Ê¤É¤Ç¤¹¡£
</Para>
<Para>
<!--O
For every distribution, you need to recompile the gcc/g++ compiler,
libstdc++ and ncures. For Redhat, you need to make a lot of
changes of the PAM configuration. For SuSE Linux 6.0, you need
to recompile the shadow package.
-->
¤É¤Î¥Ç¥£¥¹¥È¥ê¥Ó¥å¡¼¥·¥ç¥ó¤Ç¤â¡¢ gcc/g++ ¥³¥ó¥Ñ¥¤¥é¡¢
libstdc++, ncurses ¤òºÆ¥³¥ó¥Ñ¥¤¥ë¤·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£
Redhat ¤Ç¤Ï PAM ¤ÎÀßÄê¤òÂçÉý¤ËÊѹ¹¤·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£
SuSE Linux 6.0 ¤Ç¤Ï
shadow ¥Ñ¥Ã¥±¡¼¥¸¤òºÆ¥³¥ó¥Ñ¥¤¥ë¤·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£
</Para>
<Para>
<!--O
The NIS+ client software can be obtained from:
-->
NIS+ ¥¯¥é¥¤¥¢¥ó¥È¤Î¥½¥Õ¥È¥¦¥§¥¢¤Ï°Ê²¼¤«¤éÆþ¼ê¤Ç¤¤Þ¤¹¡£
</Para>
<!--O
<Screen>
Site Directory File Name
ftp.funet.fi /pub/gnu/funet libc-*, glibc-crypt-*,
glibc-linuxthreads-*
ftp.kernel.org /pub/linux/utils/net/NIS+ nis-utils-1.3.tar.gz
</Screen>
-->
<InformalTable frame=none>
<tgroup cols=2>
<thead>
<row>
<entry>Site and Directory</entry>
<entry>Filename</entry>
</row>
</thead>
<tbody>
<row>
<entry morerows=2><ULink URL="ftp://ftp.funet.fi/pub/gnu/funet/"
>ftp.funet.fi:/pub/gnu/funet</ULink></entry>
<entry>libc-*</entry>
</row>
<row><entry>glibc-crypt-*</entry></row>
<row><entry>glibc-linuxthreads-*</entry></row>
<row>
<entry><ULink URL="ftp://ftp.kernel.org/pub/linux/utils/net/NIS+/"
>ftp.kernel.org:/pub/linux/utils/net/NIS+</ULink></entry>
<entry>nis-utils-1.3.tar.gz</entry>
</row>
</tbody>
</tgroup>
</InformalTable>
<Para>
<!--O
You should also have a look at
<ULink
URL="http://www.suse.de/~kukuk/nisplus/"
>http://www.suse.de/~kukuk/nisplus/</ULink
>
for more information and the latest sources.
-->
<ULink URL="http://www.suse.de/~kukuk/nisplus/"
>http://www.suse.de/~kukuk/nisplus/</ULink>
¤Ë¤Ï¡¢¤è¤ê¾ÜºÙ¤Ê¾ðÊó¤ÈºÇ¿·¤Î¥½¡¼¥¹¤¬¤¢¤ê¤Þ¤¹¡£
</Para>
</Sect2>
<Sect2>
<!--O
<Title>Setting up a NIS+ client
-->
<Title>NIS+ ¥¯¥é¥¤¥¢¥ó¥È¤Î¥»¥Ã¥È¥¢¥Ã¥×
<IndexTerm><Primary
>NIS+!client setup</Primary></IndexTerm>
</Title>
<Para>
<!--O
IMPORTANT: For setting up a NIS+ client read your Solaris NIS+ docs
what to do on the server side! This document only describes what to do
on the client side!
-->
½ÅÍס§ NIS+ ¥¯¥é¥¤¥¢¥ó¥È¤ò¥»¥Ã¥È¥¢¥Ã¥×¤¹¤ëÁ°¤Ë¡¢ Solaris ¤Î NIS+ ¥É¥¥å
¥á¥ó¥È¤òÆɤó¤Ç¥µ¡¼¥Ð¦¤ÇɬÍפʺî¶È¤ò¹Ô¤Ã¤Æ²¼¤µ¤¤¡£¤³¤Îʸ½ñ¤Ç¤Ï¥¯¥é¥¤¥¢
¥ó¥È¦¤Ç¤É¤¦¤¹¤ì¤Ð¤è¤¤¤«¤Ë¤Ä¤¤¤Æ¤·¤«½Ò¤Ù¤Æ¤¤¤Þ¤»¤ó¡ª
</Para>
<Para>
<!--O
After installing the new libc and nis-tools, create the credentials for
the new client on the NIS+ server. Make sure portmap is running. Then
check if your Linux PC has the same time as the NIS+ Server. For secure RPC,
you have only a small window from about 3 minutes, in which the credentials
are valid. A good idea is to run xntpd on every host. After this, run
-->
¿·¤·¤¤ libc ¤È nis-tools ¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤¿¤é¡¢
NIS+ ¥µ¡¼¥Ð¾å¤Ç¤³¤Î¿·¤¿¤Ê¥¯¥é¥¤¥¢¥ó¥ÈÍѤο®Ç¤¾Ú (credential) ¤òºîÀ®¤·¤Þ¤¹¡£
portmap ¤¬Æ°ºî¤·¤Æ¤¤¤ë¤³¤È¤ò³Îǧ¤¹¤ë¤è¤¦¤Ë¤·¤Æ²¼¤µ¤¤¡£
¼¡¤Ë¥¯¥é¥¤¥¢¥ó¥È¤Ë¤¹¤ë Linux PC ¤Î»þ¹ï¤¬
NIS+ ¥µ¡¼¥Ð¤È°ìÃפ·¤Æ¤¤¤ë¤«¥Á¥§¥Ã¥¯¤·¤Æ²¼¤µ¤¤¡£
secure RPC ¤Î¾ì¹ç¤Ï¡¢¿®Ç¤¾Ú¤Î͸ú´ü´Ö¤Ï
3 ʬ¤·¤«¤¢¤ê¤Þ¤»¤ó¡£¤¹¤Ù¤Æ¤Î¥Û¥¹¥È¤Ç
<application>xntpd</application> ¤òÁö¤é¤»¤ë¤Î¤¬Îɤ¤¤Ç¤·¤ç¤¦¡£
¤³¤ì¤é¤¬³Îǧ¤Ç¤¤¿¤é°Ê²¼¤ò¼Â¹Ô¤·¤Þ¤¹¡£
</Para>
<Para>
<Screen>
domainname nisplus.domain.
nisinit -c -H <NIS+ server>
</Screen>
</Para>
<Para>
<!--O
to initialize the cold start file. Read the nisinit man page for more
options. Make sure that the domainname will always be set after a reboot.
If you don't know what the NIS+ domain name is on your network, ask
your system/network administrator.
-->
¤³¤ì¤Ë¤è¤Ã¤Æ cold ¥¹¥¿¡¼¥È¥Õ¥¡¥¤¥ë¤¬½é´ü²½¤µ¤ì¤Þ¤¹¡£
¾¤Î¥ª¥×¥·¥ç¥ó¤Ë¤Ä¤¤¤Æ¤Ï
<command>nisinit</command> ¤Î¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤òÆɤó¤Ç²¼¤µ¤¤¡£
¥É¥á¥¤¥ó¥Í¡¼¥à¤Ï¥ê¥Ö¡¼¥È¤Î¤¿¤Ó¤ËÀßÄꤵ¤ì¤ë¤è¤¦¤Ë¤·¤Æ¤ª¤¤¤Æ²¼¤µ¤¤¡£
¤¢¤Ê¤¿¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Î NIS+ ¥É¥á¥¤¥ó¥Í¡¼¥à¤¬¤ï¤«¤é¤Ê¤¤¾ì¹ç¤Ï¡¢
¥·¥¹¥Æ¥à¤«¥Í¥Ã¥È¥ï¡¼¥¯¤Î´ÉÍý¼Ô¤Ë¿Ò¤Í¤Æ²¼¤µ¤¤¡£
</Para>
<Para>
<!--O
Now you should change your /etc/nsswitch.conf file. Make sure that the
only service after publickey is nisplus ("publickey: nisplus"), and nothing
else!
-->
¼¡¤Ë <filename>/etc/nsswitch.conf</filename> ¥Õ¥¡¥¤¥ë¤òÊѹ¹¤·¤Þ¤¹¡£
publickey ¤Ë½ñ¤±¤ë¥µ¡¼¥Ó¥¹¤Ï nisplus ¤À¤± ("publickey: nisplus") ¤Ç¡¢
¾¤Î¤â¤Î¤Ï½ñ¤¤¤Æ¤Ï¤Ê¤é¤Ê¤¤¤³¤È¤ËÃí°Õ¤·¤Æ²¼¤µ¤¤¡£
</Para>
<Para>
<!--O
Then start keyserv and make sure, that it will always be started
as first daemon after portmap at boot time. Run
-->
¼¡¤Ë <command>keyserv</command> ¤òµ¯Æ°¤·¤Æ²¼¤µ¤¤¡£¤³¤ì¤Ï¥Ö¡¼¥È»þ¤Ë¡¢
ɬ¤º portmap ¤Îľ¸å¤Ëµ¯Æ°¤µ¤ì¤ë¤è¤¦¤Ë¤·¤Æ¤ª¤¤¤Æ²¼¤µ¤¤¡£¤³¤¦¤·¤Æ
<Screen>
keylogin -r
</Screen>
<!--O
to store the root secretkey on your system. (I hope you have added the
publickey for the new host on the NIS+ Server?).
-->
¤È¤¹¤ì¤Ð¥·¥¹¥Æ¥à¤Î root ¤ÎÈëÌ©¸°¤¬Êݴɤµ¤ì¤Þ¤¹
(¤â¤¦¤³¤Î¿·¤·¤¤¥Û¥¹¥È¤Î¸ø³«¸°¤Ï NIS+ ¤Î¥µ¡¼¥Ð¤ËÄɲä·¤Þ¤·¤¿¤è¤Í¡©)¡£
</Para>
<Para>
<!--O
"niscat passwd.org_dir" should now show you all entries in the passwd database.
-->
<command>niscat passwd.org_dir</command>
¤È¤¹¤ì¤Ð¡¢
passwd ¥Ç¡¼¥¿¥Ù¡¼¥¹¤Î¤¹¤Ù¤Æ¤Î¥¨¥ó¥È¥ê¤ò¸«¤ë¤³¤È¤¬¤Ç¤¤ë¤Ï¤º¤Ç¤¹¡£
</Para>
</Sect2>
<Sect2>
<!--O
<Title>NIS+, keylogin, login and PAM
-->
<Title>NIS+, keylogin, login ¤ª¤è¤Ó PAM
<IndexTerm><Primary
>NIS+!use of PAM with</Primary></IndexTerm>
</Title>
<Para>
<!--O
When the user logs in, he need to set his secretkey to keyserv. This is done
by calling "keylogin". The login from the shadow package will do this for the
user, if it was compiled against glibc 2.1. For a PAM aware login, you have
to change the /etc/pam.d/login file to
use pam_unix2, not pwdb, which doesn't support NIS+. An example:
-->
¥í¥°¥¤¥ó¤·¤¿¤È¤¤Ë¡¢¥æ¡¼¥¶¤Ï¼«Ê¬¤ÎÈëÌ©¸°¤ò
<application>keyserv</application> ¤Ë¥»¥Ã¥È¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
¤³¤ì¤Ë¤Ï <command>keylogin</command> ¤òÍѤ¤¤Þ¤¹¡£
glibc 2.1 ¤È¥³¥ó¥Ñ¥¤¥ë¤µ¤ì¤¿¾ì¹ç¤Ë¤Ï¡¢ shadow ¥Ñ¥Ã¥±¡¼¥¸¤Î
<command>login</command> ¤Ï¤³¤ì¤ò¥æ¡¼¥¶¤ÎÂå¤ï¤ê¤Ë¼Â¹Ô¤·¤Æ¤¯¤ì¤Þ¤¹¡£
PAM ¤òǧ¼±¤¹¤ë <command>login</command> ¤òÍÑ°Õ¤¹¤ë¤Ë¤Ï¡¢
<filename>pam_keylogin-1.2.tar.gz</filename> ¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¡¢
<filename>/etc/pam.d/login</filename> ¥Õ¥¡¥¤¥ë¤òÊѹ¹¤·¤Æ pwdb ¤ÎÂå¤ï¤ê¤Ë
pam&_unix_auth ¤ò»È¤¦¤è¤¦¤Ë¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹
(pwdb ¤Ï NIS+ ¤ò¥µ¥Ý¡¼¥È¤·¤Þ¤»¤ó)¡£Îã¤ò¼¨¤·¤Þ¤¹¡£
</Para>
<Para>
<ProgramListing>
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_unix2.so set_secrpc
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_unix2.so
password required /lib/security/pam_unix2.so
session required /lib/security/pam_unix2.so
</ProgramListing>
</Para>
</Sect2>
<Sect2>
<!--O
<Title>The nsswitch.conf File
-->
<Title>nsswitch.conf ¥Õ¥¡¥¤¥ë
<IndexTerm><Primary
>nsswitch.conf file</Primary></IndexTerm>
<IndexTerm><Primary
>NIS+!nsswitch.conf file</Primary></IndexTerm>
</Title>
<Para>
<!--O
The Network Services switch file /etc/nsswitch.conf determines the
order of lookups performed when a certain piece of information is
requested, just like the /etc/host.conf file which determines the way
host lookups are performed. For example, the line
-->
¥Í¥Ã¥È¥ï¡¼¥¯¥µ¡¼¥Ó¥¹¥¹¥¤¥Ã¥Á¤Î¥Õ¥¡¥¤¥ë
<filename>/etc/nsswitch.conf</filename> ¤Ï¡¢
¾ðÊó¤Ø¤Î¥¢¥¯¥»¥¹Í׵᤬Í褿¤È¤¤Ë¹Ô¤¦¸¡º÷¤Î½çÈÖ¤ò·èÄꤹ¤ë¤â¤Î¤Ç¤¹¡£
¥Û¥¹¥È̾¤Î¸¡º÷¤ÇÍѤ¤¤é¤ì¤ë
<filename>/etc/host.conf</filename> ¥Õ¥¡¥¤¥ë¤È»÷¤Æ¤¤¤Þ¤¹¡£
Î㤨¤Ð¤³¤Î¥Õ¥¡¥¤¥ë¤Ë¤ª¤¤¤Æ
</Para>
<Para>
<ProgramListing>
hosts: files nisplus dns
</ProgramListing>
</Para>
<Para>
<!--O
specifies that host lookup functions should first look in the local
/etc/hosts file, followed by a NIS+ lookup and finally through the domain
name service (/etc/resolv.conf and named), at which point if no match
is found an error is returned.
-->
¤È»ØÄꤹ¤ì¤Ð¡¢¥Û¥¹¥È̾¤Î¸¡º÷µ¡Ç½¤Ï¤Þ¤º¥í¡¼¥«¥ë¤Î
<filename>/etc/hosts</filename>
¥Õ¥¡¥¤¥ë¤òõ¤·¡¢¼¡¤Ë NIS+¡¢¤½¤·¤Æ¥É¥á¥¤¥ó¥Í¡¼¥à¥µ¡¼¥Ó¥¹
(<filename>/etc/resolv.conf</filename> ¤È <application>named</application>)
¤È¸À¤¦½çÈ֤Ǹ¡º÷¤ò¹Ô¤¤¤Þ¤¹¡£
ºÇ¸å¤Þ¤Ç¥Þ¥Ã¥Á¤¹¤ë¤â¤Î¤¬¤Ê¤±¤ì¤Ð¥¨¥é¡¼¤¬ÊÖ¤µ¤ì¤ë¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£
</Para>
<Para>
<!--O
A good /etc/nsswitch.conf file for NIS+ is:
-->
NIS+ ÍѤΠ<filename>/etc/nsswitch.conf</filename> ¥Õ¥¡¥¤¥ë¤Ï¡¢
°Ê²¼¤Î¤è¤¦¤Ê¤â¤Î¤Ë¤·¤Æ¤ª¤±¤ÐÎɤ¤¤Ç¤·¤ç¤¦¡£
</Para>
<ProgramListing>
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the /var/db databases
# [NOTFOUND=return] Stop searching if not found so far
#
passwd: compat
group: compat
shadow: compat
passwd_compat: nisplus
group_compat: nisplus
shadow_compat: nisplus
hosts: nisplus files dns
services: nisplus [NOTFOUND=return] files
networks: nisplus [NOTFOUND=return] files
protocols: nisplus [NOTFOUND=return] files
rpc: nisplus [NOTFOUND=return] files
ethers: nisplus [NOTFOUND=return] files
netmasks: nisplus [NOTFOUND=return] files
netgroup: nisplus
bootparams: nisplus [NOTFOUND=return] files
publickey: nisplus
automount: files
aliases: nisplus [NOTFOUND=return] files
</ProgramListing>
</Sect2>
</Sect1>
<Sect1 id="ypserv">
<!--O
<Title>Setting up a NIS Server
-->
<Title>NIS ¥µ¡¼¥Ð¤ÎÀßÄê
<IndexTerm><Primary
>NIS!server setup</Primary></IndexTerm>
</Title>
<Sect2>
<!--O
<Title>The Server Program ypserv
-->
<Title>¥µ¡¼¥Ð¥×¥í¥°¥é¥à ypserv
<IndexTerm><Primary
>ypserv!setup</Primary></IndexTerm>
<IndexTerm><Primary
>NIS!ypserv setup</Primary></IndexTerm>
</Title>
<Para>
<!--O
This document only describes how to set up the "ypserv" NIS server.
-->
¤³¤Îʸ½ñ¤Ç¤Ï¡¢ NIS ¥µ¡¼¥Ð¤È¤·¤Æ¤Ï "ypserv" ¤Î
ÀßÄêÊýË¡¤Î¤ß¤òµ¤·¤Þ¤¹¡£
</Para>
<Para>
<!--O
The NIS server software can be found on:
-->
NIS ¥µ¡¼¥Ð¤Î¥½¥Õ¥È¤Ï°Ê²¼¤Ë¤¢¤ê¤Þ¤¹¡£
</Para>
<!--O
<Screen>
Site Directory File Name
ftp.kernel.org /pub/linux/utils/net/NIS ypserv-1.3.11.tar.gz
</Screen>
-->
<InformalTable frame=none>
<tgroup cols=2>
<thead>
<row>
<entry>Site and Directory</entry>
<entry>Filename</entry>
</row>
</thead>
<tbody>
<row>
<entry morerows=2><ULink URL="ftp://ftp.kernel.org/pub/linux/utils/net/NIS/"
>ftp.kernel.org:/pub/linux/utils/net/NIS</ULink></entry>
<entry>ypserv-1.3.11.tar.gz</entry>
</row>
</tbody>
</tgroup>
</InformalTable>
<Para>
<!--O
You could also look at
<ULink
URL="http://www.suse.de/~kukuk/nis/"
>http://www.suse.de/~kukuk/nis/</ULink
>
for more information.
-->
<ULink
URL="http://www.suse.de/~kukuk/nis/"
>http://www.suse.de/~kukuk/nis/</ULink
>
¤Ë¡¢¤è¤ê¾Ü¤·¤¤¾ðÊ󤬤¢¤ê¤Þ¤¹¡£
</Para>
<Para>
<!--O
The server setup is the same for both traditional NIS and NYS.
-->
¥µ¡¼¥Ð¤Î¥»¥Ã¥È¥¢¥Ã¥×ÊýË¡¤Ï trad-NIS / NYS ¤É¤Á¤é¤Î¾ì¹ç¤Ç¤âƱ¤¸¤Ç¤¹¡£
</Para>
<Para>
<!--O
Compile the software to generate the <Literal remap="tt">ypserv</Literal> and <Literal remap="tt">makedbm</Literal>
programs. You can configure ypserv to use the securenets file or
the tcp_wrappers. The tcp_wrapper is much more flexible, but a lot of
people have big problems with it. And some configuration files for
tcp_wrappers may cause a memory leak. If you have problems with
ypserv compiled for tcp_wrapper, recompile it using the securenets file.
ypserv -\-version tells you, which version you have.
-->
¥³¥ó¥Ñ¥¤¥ë¤·¤Æ <filename>ypserv</filename> ¤È
<filename>makedbm</filename> ¤òºî¤ê¤Þ¤¹¡£
<filename>securenets</filename> ¥Õ¥¡¥¤¥ë¤ò»È¤¦¤«
<application>tcp_wrapper</application> ¤ò»È¤¦¤«¤òÀßÄê¤Ç¤¤Þ¤¹¡£
<application>tcp_wrapper</application> ¤ÎÊý¤¬¤º¤Ã¤È½ÀÆð¤Ç¤¹¤¬¡¢
¤³¤ì¤¬ÌäÂê¤Î¸¶°ø¤È¤Ê¤ë¾ì¹ç¤â¿¤¯ÃΤé¤ì¤Æ¤¤¤Þ¤¹¡£
<application>tcp_wrapper</application>
¤ÏÀßÄê¥Õ¥¡¥¤¥ë¤Î½ñ¤Êý¤Ë¤è¤Ã¤Æ¤Ï¥á¥â¥ê¡¼¥ê¡¼¥¯¤òµ¯¤³¤¹¤³¤È¤â¤¢¤ê¤Þ¤¹¡£
¤â¤· <application>tcp_wrapper</application> ¤ò»È¤¦¤è¤¦¤Ë
<application>ypserv</application> ¤ò¥³¥ó¥Ñ¥¤¥ë¤·¤ÆÌäÂ꤬µ¯¤³¤Ã¤¿¾ì¹ç¤Ë¤Ï¡¢
<filename>securenets</filename> ¥Õ¥¡¥¤¥ë¤ò
ÍѤ¤¤ë¤è¤¦¤Ë¥³¥ó¥Ñ¥¤¥ë¤·¤Ê¤ª¤·¤Æ¤¯¤À¤µ¤¤¡£
<command>ypserv <option>--version</option></command> ¤È¤¹¤ì¤Ð
¤É¤Á¤é¤Î¥Ð¡¼¥¸¥ç¥ó¤ò»È¤Ã¤Æ¤¤¤ë¤«Ê¬¤«¤ê¤Þ¤¹¡£
</Para>
<Para>
<!--O
If you run your server as master, determine what files you require to be
available via NIS and then add or remove the appropriate
entries to the "all" rule in <Literal remap="tt">/var/yp/Makefile</Literal>. You always
should look at the Makefile and edit the Options at the beginning of
the file.
-->
¥µ¡¼¥Ð¤ò¥Þ¥¹¥¿¡¼¤È¤·¤Æµ¯Æ°¤¹¤ë¾ì¹ç¤Ï¡¢
NIS ¤òÍѤ¤¤Æ¶¦Í¤µ¤»¤ë¥Õ¥¡¥¤¥ë¤ò·è¤á¤Æ¤¯¤À¤µ¤¤¡£
¤½¤·¤Æ <filename>/var/yp/Makefile</filename> ¤Î
"all" ¥ë¡¼¥ë¤ËɬÍפʤâ¤Î¤ò²Ã¤¨¤¿¤ê¡¢ÉÔÍפʤâ¤Î¤òºï½ü¤·¤¿¤ê¤·¤Æ¤¯¤À¤µ¤¤¡£
¤Þ¤¿ Makefile ¤ÎÀèƬ¤ÎÊý¤âɬ¤º¸«¤Æ¡¢
¥ª¥×¥·¥ç¥ó¤ò¼«Ê¬¤Î´Ä¶¤Ë¤¢¤ï¤»¤ÆÊÔ½¸¤·¤Æ¤ª¤¯¤Ù¤¤Ç¤¹¡£
</Para>
<Para>
<!--O
There was one big change between ypserv 1.1 and ypserv 1.2. Since
version 1.2, the file handles are cached. This means you have to
call makedbm always with the -c option if you create new maps. Make
sure, you are using the
new <Literal remap="tt">/var/yp/Makefile</Literal> from ypserv 1.2 or later, or add the -c flag
to makedbm in the Makefile. If you don't do that, ypserv will continue to
use the old maps, and not the updated one.
-->
ypserv 1.1 ¤È ypserv 1.2 ¤È¤Î´Ö¤Ç¤Ï¡¢Â礤ÊÊѹ¹¤¬¹Ô¤ï¤ì¤Þ¤·¤¿¡£
1.2 °Ê¹ß¤Ç¤Ï¡¢¥Õ¥¡¥¤¥ë¥Ï¥ó¥É¥ë¤¬¥¥ã¥Ã¥·¥å¤µ¤ì¤ë¤è¤¦¤Ë¤Ê¤Ã¤¿¤Î¤Ç¤¹¡£
¤³¤ì¤Ë¤è¤ê¡¢¿·¤·¤¤¥Þ¥Ã¥×¤òÀ¸À®¤¹¤ë¤È¤¤Ë¤Ïɬ¤º makedbm ¤Ë -c
¥ª¥×¥·¥ç¥ó¤ò¤Ä¤±¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¯¤Ê¤ê¤Þ¤·¤¿¡£
<filename>/var/yp/Makefile</filename> ¤¬
ypserv 1.2 °Ê¹ß¤ËÉÕ°¤Î¤â¤Î¤Ç¤¢¤ë¤³¤È¤ò³Îǧ¤·¤Æ²¼¤µ¤¤¡£
¤¢¤ë¤¤¤Ï Makefile Ãæ¤Î makedbm ¤Ë¡¢¼ê¤Ç -c ¥Õ¥é¥°¤ò²Ã¤¨¤Æ²¼¤µ¤¤¡£
¤³¤ì¤ò˺¤ì¤ë¤È¡¢ypserv ¤Ï¹¹¿·¤µ¤ì¤¿¥Þ¥Ã¥×¤Ç¤Ï¤Ê¤¯¡¢
¸Å¤¤¥Þ¥Ã¥×¤ò»È¤¤Â³¤±¤Æ¤·¤Þ¤¤¤Þ¤¹¡£
</Para>
<Para>
<!--O
Now edit <Literal remap="tt">/var/yp/securenets</Literal> and <Literal remap="tt">/etc/ypserv.conf</Literal>.
For more information, read the ypserv(8) and ypserv.conf(5) manual pages.
-->
¼¡¤Ë <filename>/var/yp/securenets</filename> ¤È
<filename>/etc/ypserv.conf</filename> ¤òÊÔ½¸¤·¤Þ¤¹¡£
¾ÜºÙ¤Ï ypserv(8) ¤È ypserv.conf(5) ¤Î¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤òÆɤó¤Ç²¼¤µ¤¤¡£
</Para>
<Para>
<!--O
Make sure the portmapper (portmap(8)) is running, and start the
server <Literal remap="tt">ypserv</Literal>. The command
-->
¥Ý¡¼¥È¥Þ¥Ã¥Ñ (<command>rpc.portmap</command>) ¤¬Æ°¤¤¤Æ¤¤¤ë¤«³Îǧ¤·¤Æ²¼¤µ¤¤¡£
³Îǧ¤Ç¤¤¿¤é <command>ypserv</command> ¤òÆ°¤«¤·¤Þ¤¹¡£
</Para>
<Para>
<Screen>
% rpcinfo -u localhost ypserv
</Screen>
</Para>
<Para>
<!--O
should output something like
-->
¤È¤¤¤¦¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¤ß¤Æ¡¢
<Screen>
program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting
</Screen>
¤È½ÐÎϤµ¤ì¤ë¤³¤È¤ò³Îǧ¤·¤Æ²¼¤µ¤¤¡£
</Para>
<Para>
<!--O
The "version 1" line could be missing, depending on the ypserv version and
configuration you are using. It is only necessary if you have old
SunOS 4.x clients.
-->
"version 1" ¤Î¹Ô¤Ï¡¢ ypserv ¤Î¥Ð¡¼¥¸¥ç¥ó¤äÍѤ¤¤¿ÀßÄê¤Ë¤è¤Ã¤Æ¤Ï
½Ð¤Ê¤¤¤«¤â¤·¤ì¤Þ¤»¤ó¡£¤³¤ì¤¬É¬Íפˤʤë¤Î¤ÏÀΤΠSunOS 4.x ¤ò
¥¯¥é¥¤¥¢¥ó¥È¤È¤·¤Æ»È¤¦¾ì¹ç¤À¤±¤Ç¤¹¡£
</Para>
<Para>
<!--O
Now generate the NIS (YP) database. On the master, run
-->
¤³¤³¤Ç NIS (YP) ¥Ç¡¼¥¿¤òºîÀ®¤·¤Þ¤¹¡£
¥Þ¥¹¥¿¡¼¥µ¡¼¥Ð¤Ç°Ê²¼¤ò¼Â¹Ô¤·¤Æ²¼¤µ¤¤¡£
</Para>
<Para>
<Screen>
% /usr/lib/yp/ypinit -m
</Screen>
</Para>
<Para>
<!--O
On a slave make sure that <Literal remap="tt">ypwhich -m</Literal> works. This means,
that your slave
must be configured as NIS client before you could run
-->
¥¹¥ì¡¼¥Ö¥µ¡¼¥Ð¤Ç¤Ï¡¢
<command>ypwhich <option>-m</option></command>
¤¬µ¡Ç½¤¹¤ë¤³¤È¤ò³Îǧ¤·¤Æ²¼¤µ¤¤¡£
¤Ä¤Þ¤ê¥¹¥ì¡¼¥Ö¤Ë¤¹¤ë¥Û¥¹¥È¤Ï¡¢¤Þ¤º NIS ¥¯¥é¥¤¥¢¥ó¥È¤È¤·¤ÆÆ°ºî¤Ç¤¤Ê¤±
¤ì¤Ð¤Ê¤é¤Ê¤¤¤Î¤Ç¤¹¡£
³Îǧ¤Ç¤¤¿¤é°Ê²¼¤ò¼Â¹Ô¤·¤Æ¡¢¤³¤Î¥Û¥¹¥È¤ò NIS ¥¹¥ì¡¼¥Ö¤Ë¤·¤Þ¤¹¡£
</Para>
<Screen>
% /usr/lib/yp/ypinit -s masterhost
</Screen>
<!--O
to install the host as NIS slave.
-->
<Para>
<!--O
That's it, your server is up and running.
-->
¤³¤ì¤Ç¤ª¤·¤Þ¤¤¡¢¥µ¡¼¥Ð¤ÏÆ°ºî¤·¤Æ¤¤¤ë¤Ï¤º¤Ç¤¹¡£
</Para>
<Para>
<!--O
If you have bigger problems, you could start <Literal remap="tt">ypserv</Literal> and
<Literal remap="tt">ypbind</Literal> in debug
mode on different xterms. The debug output should show you what goes
wrong.
-->
²¿¤«Â礤ÊÌäÂ꤬À¸¤¸¤¿¤é¡¢
<command>ypserv</command> ¤ä <command>ypbind</command>
¤òÊ̤Πxterm ¤«¤é¥Ç¥Ð¥Ã¥°¥â¡¼¥É¤Çµ¯Æ°¤·¤Æ¤ß¤Þ¤·¤ç¤¦¡£
¥Ç¥Ð¥Ã¥°½ÐÎϤ«¤é²¿¤¬ÌäÂê¤Ê¤Î¤«¤¬È½ÃǤǤ¤ë¤Ï¤º¤Ç¤¹¡£
</Para>
<Para>
<!--O
If you need to update a map, run <Literal remap="tt">make</Literal> in the <Literal remap="tt">/var/yp</Literal>
directory on the NIS master. This will update a map if the source file
is newer, and push the files to the slave servers. Please don't use
<Literal remap="tt">ypinit</Literal> for updating a map.
-->
¥Þ¥Ã¥×¤ò¹¹¿·¤¹¤ëɬÍפ¬À¸¤¸¤¿¾ì¹ç¤Ï¡¢ NIS ¥Þ¥¹¥¿¡¼¤Î
<filename>/var/yp</filename> ¥Ç¥£¥ì¥¯¥È¥ê¤Ç
<command>make</command> ¤ò¼Â¹Ô¤·¤Æ¤¯¤À¤µ¤¤¡£
¥½¡¼¥¹¥Õ¥¡¥¤¥ë¤¬¿·¤·¤¤¾ì¹ç¤Ë¤Ï¥Þ¥Ã¥×¤¬¹¹¿·¤µ¤ì¡¢¥¹¥ì¡¼¥Ö¥µ¡¼¥Ð¤Ë
push ¤µ¤ì¤Þ¤¹¡£¥Þ¥Ã¥×¤Î¹¹¿·¤Ë¤Ï
<command>ypinit</command>
¤ÏÍѤ¤¤Ê¤¤¤è¤¦¤Ë¤·¤Æ¤¯¤À¤µ¤¤¡£
</Para>
<Para>
<!--O
You might want to edit root's crontab *on the slave* server and add the
following lines:
-->
¡Ö¥¹¥ì¡¼¥Ö¡×¥µ¡¼¥Ð¾å¤Ç¤Ï root ¤Î
<filename>crontab</filename> ¤òÊÔ½¸¤·¡¢
°Ê²¼¤Î¤è¤¦¤Ê¹Ô¤òÄɲ䷤Ƥª¤¯¤ÈÎɤ¤¤«¤â¤·¤ì¤Þ¤»¤ó¡£
</Para>
<ProgramListing>
20 * * * * /usr/lib/yp/ypxfr_1perhour
40 6 * * * /usr/lib/yp/ypxfr_1perday
55 6,18 * * * /usr/lib/yp/ypxfr_2perday
</ProgramListing>
<Para>
<!--O
This will ensure that most NIS maps are kept up-to-date, even if an
update is missed because the slave was down at the time the update was
done on the master.
-->
Ëü¤¬°ì¥Þ¥¹¥¿¥µ¡¼¥Ð¤Ç¤Î¹¹¿·¤ÎºÝ¤Ë¥¹¥ì¡¼¥Ö¤¬¥À¥¦¥ó¤·¤Æ¤¤¤Æ¥Ç¡¼¥¿¤ò
¼õ¤±Â»¤Ê¤Ã¤Æ¤â¡¤¤³¤ì¤Ë¤è¤Ã¤Æ NIS ¥Þ¥Ã¥×¤òºÇ¿·¤ËÊݤĤ³¤È¤¬¤Ç¤¤Þ¤¹¡£
</Para>
<Para>
<!--O
You can add a slave at every time later. At first, make sure that
the new slave server has permissions to contact the NIS master. Then run
-->
¥¹¥ì¡¼¥Ö¤Ï¤¤¤Ä¤Ç¤âÄɲ乤뤳¤È¤¬¤Ç¤¤Þ¤¹¡£
¤Þ¤º¿·¤·¤¯¥¤¥ó¥¹¥È¡¼¥ë¤·¤¿¥¹¥ì¡¼¥Ö¥µ¡¼¥Ð¤¬
NIS ¥Þ¥¹¥¿¡¼¤ËÀܳ¤¹¤ëµö²Ä¤ò»ý¤Ã¤Æ¤¤¤ë¤«¤ò³Îǧ¤·¤Þ¤·¤ç¤¦¡£
¼¡¤Ë
<Screen>
% /usr/lib/yp/ypinit -s masterhost
</Screen>
<!--O
on the new slave. On the master server, add the new slave server name
to <Literal remap="tt">/var/yp/ypservers</Literal> and run <Literal remap="tt">make</Literal> in <Literal remap="tt">/var/yp</Literal>
to update the map.
-->
¤ò¿·¤·¤¤¥¹¥ì¡¼¥Ö¤Ç¼Â¹Ô¤·¤Þ¤¹¡£
¥Þ¥¹¥¿¡¼¥µ¡¼¥Ð¤Ç¤Ï¡¢¤³¤Î¿·¤·¤¤¥¹¥ì¡¼¥Ö¥µ¡¼¥Ð¤Î̾Á°¤ò
<filename>/var/yp/ypservers</filename> ¤ËÄɲä·¡¢
<filename>/var/yp</filename>
¤Ç
<command>make</command>
¤ò¼Â¹Ô¤·¤Æ¥Þ¥Ã¥×¤ò¹¹¿·¤·¤Þ¤¹¡£
</Para>
<Para>
<!--O
If you want to restrict access for users to your NIS server, you'll have
to setup the NIS server as a client as well by running ypbind and adding the
plus-entries to /etc/passwd _halfway_ the password file. The library
functions will ignore all normal entries after the first NIS entry, and
will get the rest of the info through NIS. This way the NIS access rules
are maintained. An example:
-->
NIS ¥µ¡¼¥Ð¤Ø¤Î¥æ¡¼¥¶¥¢¥¯¥»¥¹¤òÀ©¸Â¤·¤¿¤¤¾ì¹ç¤Ï¡¢
NIS ¥µ¡¼¥Ð¤Î¥Û¥¹¥È¤ò¥¯¥é¥¤¥¢¥ó¥È¤È¤·¤Æ¤â¼Â¹Ô¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
¤Ä¤Þ¤ê <command>ypbind</command> ¤ò¼Â¹Ô¤·¤Æ
"+" ¤ÎÉÕ¤¤¤¿¥¨¥ó¥È¥ê¤ò¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë <filename>/etc/passwd</filename>
¤ÎȾ¤Ð¤ËÄɲä·¤Þ¤¹¡£
¥é¥¤¥Ö¥é¥ê´Ø¿ô¤Ï NIS ¥¨¥ó¥È¥ê°Ê¹ß¤ËÃÖ¤«¤ì¤¿Ä̾ï¤Î¥¨¥ó¥È¥ê¤òÁ´¤Æ̵»ë¤·¡¢
»Ä¤ê¤ò NIS ¤òÄ̤·¤Æ¼èÆÀ¤·¤Þ¤¹¡£¤³¤Î¤è¤¦¤Ë¤¹¤ë¤È NIS ¤Î¥¢¥¯¥»¥¹¥ë¡¼¥ë¤ò
´ÉÍý¤¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£Îã¤ò¼¨¤·¤Þ¤¹¡£
</Para>
<Para>
<ProgramListing>
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:
bin:*:2:2:bin:/bin:
sys:*:3:3:sys:/dev:
sync:*:4:100:sync:/bin:/bin/sync
games:*:5:100:games:/usr/games:
man:*:6:100:man:/var/catman:
lp:*:7:7:lp:/var/spool/lpd:
mail:*:8:8:mail:/var/spool/mail:
news:*:9:9:news:/var/spool/news:
uucp:*:10:50:uucp:/var/spool/uucp:
nobody:*:65534:65534:noone at all,,,,:/dev/null:
+miquels::::::
+:*:::::/etc/NoShell
[ All normal users AFTER this line! ]
tester:*:299:10:Just a test account:/tmp:
miquels:1234567890123:101:10:Miquel van Smoorenburg:/home/miquels:/bin/zsh
</ProgramListing>
</Para>
<Para>
<!--O
Thus the user "tester" will exist, but have a shell of /etc/NoShell. miquels
will have normal access.
-->
¤³¤Î¤è¤¦¤Ë¥æ¡¼¥¶ "tester" ¤Ï¸ºß¤·¤Þ¤¹¤¬¡¢¥·¥§¥ë¤¬ /etc/NoShell
¤Ë¤Ê¤ê¤Þ¤¹¡£ miquels ¤ÏÄ̾ï¤Î¥¢¥¯¥»¥¹¸¢¤ò»ý¤Ä¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£
</Para>
<Para>
<!--O
Alternatively, you could edit the <Literal remap="tt">/var/yp/Makefile</Literal> file
and set NIS to use
another source password file. On large systems the NIS password and group
files are usually stored in <Literal remap="tt">/etc/yp/</Literal>. If you do this the normal
tools to administrate the password file such as <Literal remap="tt">passwd</Literal>, <Literal remap="tt">chfn</Literal>,
<Literal remap="tt">adduser</Literal> will not work anymore and you need special homemade tools
for this.
-->
¤¢¤ë¤¤¤Ï <filename>/var/yp/Makefile</filename>
¥Õ¥¡¥¤¥ë¤òÊÔ½¸¤·¡¢
NIS ¤¬»È¤¦¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤òÊ̤˻ØÄꤹ¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
Â礤ʥ·¥¹¥Æ¥à¤Ç¤Ï¡¢NIS ¤Î¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤È¥°¥ë¡¼¥×¥Õ¥¡¥¤¥ë¤ÏÄ̾ï
<filename>/var/yp/ypfiles</filename>
¤ËÃÖ¤¯¤³¤È¤¬Â¿¤¤¤è¤¦¤Ç¤¹¡£
¤³¤Î¤è¤¦¤Ë¤¹¤ë¤È¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë´ØÏ¢¤Î´ÉÍý¥Ä¡¼¥ë¤Ï»È¤¨¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£
¤Ä¤Þ¤ê
<command>passwd</command>,
<command>chfn</command>,
<command>adduser</command>
¤Ê¤É¤ËÂФ·¡¢ÆÃÊ̤ʥġ¼¥ë¤¬É¬Íפˤʤê¤Þ¤¹¡£
</Para>
<Para>
<!--O
However, <Literal remap="tt">yppasswd</Literal>, <Literal remap="tt">ypchsh</Literal> and <Literal remap="tt">ypchfn</Literal> will
work of course.
-->
¤·¤«¤·
<command>yppasswd</command>,
<command>ypchsh</command>,
<command>ypchfn</command>
¤ÏÅöÁ³Æ°ºî¤·¤Þ¤¹¡£
</Para>
</Sect2>
<Sect2>
<!--O
<Title>The Server Program yps
-->
<Title>¥µ¡¼¥Ð¥×¥í¥°¥é¥à yps
<IndexTerm><Primary
>NIS!yps server</Primary></IndexTerm>
<IndexTerm><Primary
>yps NIS server</Primary></IndexTerm>
</Title>
<Para>
<!--O
To set up the "yps" NIS server please refer to the previous paragraph.
The "yps" server setup is similar, _but_ not exactly the same so
beware if you try to apply the "ypserv" instructions to "yps"!
"yps" is not supported by any author, and contains some security leaks.
You really shouldn't use it !
-->
NIS ¥µ¡¼¥Ð <application>yps</application> ¤ÎÀßÄê¤Ï
Á°¤Î¥»¥¯¥·¥ç¥ó¤ò»²¹Í¤Ë¤·¤Æ²¼¤µ¤¤¡£
ÂçÂλ÷¤Æ¤¤¤Þ¤¹¤¬´°Á´¤ËƱ¤¸¤Ç¤Ï¤Ê¤¤¤Î¤Ç¡¢
<application>ypserv</application> ¤ÎÀâÌÀ¤òŬÍѤ¹¤ëºÝ¤Ë¤ÏÃí°Õ¤·¤Æ²¼¤µ¤¤¡£
<application>yps</application> ¤Ï¤â¤Ï¤äï¤â¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó¤·¡¢
¤¤¤¯¤Ä¤«¥»¥¥å¥ê¥Æ¥£¥Û¡¼¥ë¤â¸ºß¤·¤Æ¤¤¤Þ¤¹¡£»È¤¦¤Ù¤¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡ª
</Para>
<Para>
<!--O
The "yps" NIS server software can be found on:
-->
<application>yps</application> ¤Î¥½¥Õ¥È¤Ï°Ê²¼¤Î¥µ¥¤¥È¤Ë¤¢¤ê¤Þ¤¹¡£
</Para>
<!--O
<Screen>
Site Directory File Name
ftp.lysator.liu.se /pub/NYS/servers yps-0.21.tar.gz
ftp.kernel.org /pub/linux/utils/net/NIS yps-0.21.tar.gz
</Screen>
-->
<InformalTable frame=none>
<tgroup cols=2>
<thead>
<row>
<entry>Site and Directory</entry>
<entry>Filename</entry>
</row>
</thead>
<tbody>
<row>
<entry morerows=2><ULink URL="ftp://ftp.lysator.liu.se/pub/NYS/servers/"
>ftp.lysator.liu.se:/pub/NYS/servers</ULink></entry>
<entry>yps-0.21.tar.gz</entry>
</row>
<row>
<entry morerows=2><ULink URL="ftp://ftp.kernel.org/pub/linux/utils/net/NIS/"
>ftp.kernel.org:/pub/linux/utils/net/NIS</ULink></entry>
<entry>yps-0.21.tar.gz</entry>
</row>
</tbody>
</tgroup>
</InformalTable>
</Sect2>
<Sect2>
<!--O
<Title>The Program rpc.ypxfrd
-->
<Title>rpc.ypxfrd ¥×¥í¥°¥é¥à
<IndexTerm><Primary
>NIS|rpc.ypxfrd daemon</Primary></IndexTerm>
<IndexTerm><Primary
>rpc.ypxfrd daemon</Primary></IndexTerm>
</Title>
<Para>
<!--O
rpc.ypxfrd is used for speed up the transfer of very large
NIS maps from a NIS master to NIS slave servers. If a
NIS slave server receives a message that there is a new
map, it will start ypxfr for transfering the new map.
ypxfr will read the contents of a map from the master
server using the yp_all() function. This process can take
several minutes when there are very large maps which have
to store by the database library.
-->
rpc.ypxfrd ¤ÏÈó¾ï¤ËÂç¤¤Ê NIS ¥Þ¥Ã¥×¤ò NIS ¥Þ¥¹¥¿¡¼¤«¤é
NIS ¥¹¥ì¡¼¥Ö¥µ¡¼¥Ð¡¼¤ËžÁ÷¤¹¤ëºÝ¤Ë¡¢Å¾Á÷¤ò¹â®²½¤¹¤ë¤¿¤á¤Ë
ÍѤ¤¤é¤ì¤Þ¤¹¡£
NIS ¥¹¥ì¡¼¥Ö¥µ¡¼¥Ð¡¼¤Ï¡¢¿·¤·¤¤¥Þ¥Ã¥×¤¬¤¢¤ë¤È¤¤¤¦¥á¥Ã¥»¡¼¥¸¤ò
¼õ¤±¼è¤ë¤È¡¢¤½¤Î¥Þ¥Ã¥×¤ò¼èÆÀ¤¹¤ë¤¿¤á¤Ë ypxfr ¤òµ¯Æ°¤·¤Þ¤¹¡£
ypxfr ¤Ï yp_all() ´Ø¿ô¤òÍѤ¤¤Æ¥Þ¥Ã¥×¤ÎÆâÍƤò¥Þ¥¹¥¿¡¼¥µ¡¼¥Ð¡¼
¤«¤éÆɤ߹þ¤â¤¦¤È¤·¤Þ¤¹¡£¤³¤Î¾ðÊó¤Ï¥Ç¡¼¥¿¡¼¥Ù¡¼¥¹¥é¥¤¥Ö¥é¥ê¤ò
Ä̤·¤ÆÊݸ¤µ¤ì¤ë¤¿¤á¡¢¥Þ¥Ã¥×¤Î¥µ¥¤¥º¤¬Èó¾ï¤ËÂ礤¯¤Ê¤ë¤È¡¢
¤³¤Î¥×¥í¥»¥¹¤Ï¿ôʬ¤â¤«¤«¤Ã¤Æ¤·¤Þ¤¦¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£
</Para>
<Para>
<!--O
The rpc.ypxfrd server speeds up the transfer process by
allowing NIS slave servers to simply copy the master
server's map files rather than building their own from
scratch. rpc.ypxfrd uses an RPC-based file transfer protocol,
so that there is no need for building a new map.
-->
rpc.ypxfrd ¥µ¡¼¥Ð¡¼¤Ï¡¢ NIS ¥¹¥ì¡¼¥Ö¥µ¡¼¥Ð¡¼¤Ë¥Þ¥¹¥¿¡¼¤Î
¥Þ¥Ã¥×¥Õ¥¡¥¤¥ë¤òñ½ã¤Ë¥³¥Ô¡¼¤µ¤»¡¢Å¾Á÷¥×¥í¥»¥¹¤ò¹â®²½¤·¤Þ¤¹¡£
¥¹¥ì¡¼¥Ö¥µ¡¼¥Ð¡¼¤¬¥¼¥í¤«¤é¼«Á°¤Î¥Þ¥Ã¥×¤òÀ¸À®¤¹¤ë¤Î¤ËÈæ¤Ù¡¢
¤³¤ì¤Ï¤º¤Ã¤Èû»þ´Ö¤Ç¤¹¤ß¤Þ¤¹¡£
rpc.ypxfrd ¤Ï RPC ¥Ù¡¼¥¹¤ÎžÁ÷¥×¥í¥È¥³¥ë¤òÍѤ¤¤ë¤Î¤Ç¡¢
¿·¤·¤¤¥Þ¥Ã¥×¤òÀ¸À®¤¹¤ëɬÍפϤ¢¤ê¤Þ¤»¤ó¡£
</Para>
<Para>
<!--O
rpc.ypxfrd can be started by inetd. But since it starts
very slow, it should be started with ypserv. You need to start
rpc.ypxfrd only on the NIS master server.
-->
rpc.ypxfrd ¤Ï inetd ¤«¤éµ¯Æ°¤¹¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¤¬¡¢
µ¯Æ°¤Ë¤Ï»þ´Ö¤¬¤«¤«¤ë¤Î¤Ç¡¢ ypserv ¤È°ì½ï¤Ë¥Ç¡¼¥â¥ó¤È¤·¤Æ
µ¯Æ°¤·¤Æ¤ª¤¯¤Û¤¦¤¬¤¤¤¤¤Ç¤·¤ç¤¦¡£
rpc.ypxfrd ¤Ï NIS ¥Þ¥¹¥¿¡¼¥µ¡¼¥Ð¤Ç¤À¤±µ¯Æ°¤·¤Æ¤ª¤±¤Ð OK ¤Ç¤¹¡£
</Para>
</Sect2>
<Sect2>
<!--O
<Title>The Program rpc.yppasswdd
-->
<Title>rpc.yppasswdd ¥×¥í¥°¥é¥à
<IndexTerm><Primary
>NIS!rpc.yppasswdd daemon</Primary></IndexTerm>
<IndexTerm><Primary
>rpc.yppasswdd daemon</Primary></IndexTerm>
</Title>
<Para>
<!--O
Whenever users change their passwords, the NIS password database and
probably other NIS databases, which depend on the NIS password
database, should be updated. The program "rpc.yppasswdd" is a server that
handles password changes and makes sure that the NIS information will
be updated accordingly. rpc.yppasswdd is now integrated in ypserv. You
don't need the older, separate yppasswd-0.9.tar.gz or yppasswd-0.10.tar.gz,
and you shouldn't use them any longer. The rpc.yppasswdd in ypserv 1.3.2
has full shadow support. yppasswd is now part of yp-tools-2.2.tar.gz.
-->
¥æ¡¼¥¶¤¬¥Ñ¥¹¥ï¡¼¥É¤òÊѹ¹¤·¤¿¤È¤¤Ë¤Ï¡¢
NIS ¤Î¥Ñ¥¹¥ï¡¼¥É¥Ç¡¼¥¿¥Ù¡¼¥¹¤ä¡¢
¤½¤ì¤Ë°Í¸¤·¤¿Â¾¤Î NIS ¥Ç¡¼¥¿¥Ù¡¼¥¹¤âÊѹ¹¤µ¤ì¤Ê¤±¤ì¤Ð¤Ê¤ì¤Þ¤»¤ó¡£
¤³¤ì¤ò¹Ô¤Ê¤¦¤Î¤¬ <command>rpc.yppasswdd</command> ¤Ç¤¹¡£
¤³¤Î¥×¥í¥°¥é¥à¤Ï¥Ñ¥¹¥ï¡¼¥ÉÊѹ¹¤ò¼è¤ê°·¤¤¡¢
NIS ¤Î¾ðÊó¤¬Àµ¤·¤¯¹¹¿·¤µ¤ì¤ë¤è¤¦¤Ë¤·¤Þ¤¹¡£
¸½ºß <command>rpc.yppasswdd</command> ¤Ï
<application>ypserv</application> ¤Î°ìÉô¤È¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£
Ê̥ѥ屡¼¥¸¤Ë¤Ê¤Ã¤Æ¤¤¤ë
<filename>yppasswd-0.9.tar.gz</filename> ¤ä
<filename>yppasswd-0.10.tar.gz</filename>
¤Ê¤É¤Ï¸Å¤¤¤Î¤Ç»È¤¦É¬ÍפϤ¢¤ê¤Þ¤»¤ó¤·¡¢¤Þ¤¿º£¸å»È¤¦¤Ù¤¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
ypserv 1.3.2 ¤Î <command>rpc.yppasswdd</command> ¤Ï
shadow ¤ò´°Á´¤Ë¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤¹¡£
<command>yppasswd</command> ¤Ï
<filename>yp-tools-2.2.tar.gz</filename> ¤ËÆþ¤Ã¤Æ¤¤¤Þ¤¹¡£
</Para>
<Para>
<!--O
You need to start rpc.yppasswdd only on the NIS master server. By default,
users are not allowed to change their full name or the login shell.
You can allow this with the -e chfn or -e chsh option.
-->
rpc.yppasswdd ¤ò¼Â¹Ô¤¹¤ë¤Î¤Ï NIS ¥Þ¥¹¥¿¡¼¥µ¡¼¥Ð¤Î¤ß¤Ç¤¹¡£¥Ç¥Õ¥©¥ë¥È¤Ç
¤Ï¡¢¥æ¡¼¥¶¡¼¤Ï¥Õ¥ë¥Í¡¼¥à¤ä¥í¥°¥¤¥ó¥·¥§¥ë¤òÊѹ¹¤¹¤ë¤³¤È¤¬¤Ç¤¤Ê¤¤¤è¤¦¤Ë
¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£¤³¤ì¤òµö²Ä¤¹¤ë¤Ë¤Ï¡¢¤½¤ì¤¾¤ì -e chfn ¤ª¤è¤Ó -e chsh ¥ª¥×
¥·¥ç¥ó¤ò»ØÄꤷ¤Þ¤¹¡£
</Para>
<Para>
<!--O
If your passwd and shadow files are not in another directory then
/etc, you need to add the -D option. For example, if you have put
all source files in /etc/yp and wish to allow the user to change
his shell, you need to start rpc.yppasswdd with the following parameters:
-->
passwd ¤È shadow ¥Õ¥¡¥¤¥ë¤¬ /etc °Ê³°¤Ë¤¢¤ë¾ì¹ç¤Ï¡¢ -D ¥ª¥×¥·¥ç¥ó¤ò
»ØÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£Î㤨¤ÐÁ´¤Æ¤Î¥½¡¼¥¹¥Õ¥¡¥¤¥ë¤ò
<filename>/etc/yp</filename>
¤ËÃÖ¤¤¤Æ¡¢¥æ¡¼¥¶¤Ë¥·¥§¥ë¤ÎÊѹ¹¤ò²Äǽ¤Ë¤·¤¿¤¤¾ì¹ç¤Ï¡¢
<command>rpc.yppasswdd</command> ¤ò°Ê²¼¤Î¥Ñ¥é¥á¡¼¥¿¤Ç¼Â¹Ô¤·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó:
<Screen>
# rpc.yppasswdd -D /etc/yp -e chsh
</Screen>
<!--O
or
-->
¤Þ¤¿¤Ï
<Screen>
# rpc.yppasswdd -s /etc/yp/shadow -p /etc/yp/passwd -e chsh
</Screen>
¤Ç¤â OK ¤Ç¤¹¡£
</Para>
<Para>
<!--O
There is nothing more to do. You just need to make sure, that
<Literal remap="tt">rpc.yppasswdd</Literal> uses the same files as <Literal remap="tt">/var/yp/Makefile</Literal>.
Errors will be logged using syslog.
-->
¾¤Ë¤ÏÆäˤ¹¤ë¤³¤È¤Ï¤¢¤ê¤Þ¤»¤ó¡£¤¿¤À¡¢
<command>rpc.yppasswdd</command> ¤¬
<filename>/var/yp/Makefile</filename>
¤ÈƱ¤¸¥Õ¥¡¥¤¥ë¤ò»È¤Ã¤Æ¤¤¤ë¤«¤É¤¦¤«¤Ïµ¤¤ò¤Ä¤±¤Æ¤ª¤¤¤Æ¤¯¤À¤µ¤¤¡£
¥¨¥é¡¼¤Ï syslog ¤òÄ̤·¤ÆµÏ¿¤µ¤ì¤Þ¤¹¡£
</Para>
</Sect2>
</Sect1>
<Sect1 id="verify-inst">
<!--O
<Title>Verifying the NIS/NYS Installation
-->
<Title>NIS/NYS ¥¤¥ó¥¹¥È¡¼¥ë¤Î¥Á¥§¥Ã¥¯
<IndexTerm><Primary
>NIS!verification of operation</Primary></IndexTerm>
<IndexTerm><Primary
>NYS!verification of operation</Primary></IndexTerm>
</Title>
<Para>
<!--O
If everything is fine (as it should be), you should be able to verify
your installation with a few simple commands. Assuming, for example,
your passwd file is being supplied by NIS, the command
-->
¤¹¤Ù¤Æ¤¬¤¦¤Þ¤¯¹Ô¤Ã¤¿¤é¡¢
´Êñ¤Ê¥³¥Þ¥ó¥É¤ò»È¤Ã¤Æ¥¤¥ó¥¹¥È¡¼¥ë¤Î¥Á¥§¥Ã¥¯¤ò¹Ô¤Ã¤Æ²¼¤µ¤¤¡£
Î㤨¤Ð¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤¬ NIS/NYS ¤Ç¶¦Í¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢
</Para>
<Para>
<Screen>
% ypcat passwd
</Screen>
</Para>
<Para>
<!--O
should give you the contents of your NIS passwd file. The command
-->
¤È¤¤¤¦¥³¥Þ¥ó¥É¤Ç NIS ¤Î¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤ÎÆâÍƤ¬¸«¤é¤ì¤ë¤Ï¤º¤Ç¤¹¡£
¤Þ¤¿
</Para>
<Para>
<Screen>
% ypmatch userid passwd
</Screen>
</Para>
<Para>
<!--O
(where userid is the login name of an arbitrary user) should give you
the user's entry in the NIS passwd file. The "ypcat" and "ypmatch"
programs should be included with your distribution of traditional
NIS or NYS.
-->
¤È¤¹¤ì¤Ð¡¢
»ØÄꤷ¤¿¥æ¡¼¥¶¤Î¥¨¥ó¥È¥ê¤¬¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤«¤é¼è¤ê½Ð¤µ¤ì¤Æɽ¼¨¤µ¤ì¤Þ¤¹
(userid ¤Ë¤ÏŬÅö¤Ê¥æ¡¼¥¶¤Î¥í¥°¥¤¥ó̾¤òÆþ¤ì¤Þ¤¹)¡£
¤Ê¤ª <command>ypcat</command> ¤ä <command>ypmatch</command> ¤Ï¡¢
trad-NIS ¤ä NYS ¤ÎÇÛÉۥѥ屡¼¥¸¤ËÆþ¤Ã¤Æ¤¤¤Þ¤¹¡£
</Para>
<Para>
<!--O
If a user cannot log in, run the following program on the client:
-->
¥æ¡¼¥¶¡¼¤Ë¤è¤ë¥í¥°¥¤¥ó¤¬¤Ç¤¤Ê¤¤¾ì¹ç¤Ë¤Ï¡¢
°Ê²¼¤Î¥×¥í¥°¥é¥à¤ò¥¯¥é¥¤¥¢¥ó¥È¤Ç¼Â¹Ô¤·¤Æ¤ß¤Æ²¼¤µ¤¤¡£
</Para>
<ProgramListing>
#include <stdio.h>
#include <pwd.h>
#include <sys/types.h>
int
main(int argc, char *argv[])
{
struct passwd *pwd;
if(argc != 2)
{
fprintf(stderr,"Usage: getwpnam username\n");
exit(1);
}
pwd=getpwnam(argv[1]);
if(pwd != NULL)
{
printf("name.....: [%s]\n",pwd->pw_name);
printf("password.: [%s]\n",pwd->pw_passwd);
printf("user id..: [%d]\n", pwd->pw_uid);
printf("group id.: [%d]\n",pwd->pw_gid);
printf("gecos....: [%s]\n",pwd->pw_gecos);
printf("directory: [%s]\n",pwd->pw_dir);
printf("shell....: [%s]\n",pwd->pw_shell);
}
else
fprintf(stderr,"User \"%s\" not found!\n",argv[1]);
exit(0);
}
</ProgramListing>
<Para>
<!--O
Running this program with the username as parameter will print all the
information the getpwnam function gives back for this user. This should
show you which entry is incorrect. The most common problem is, that the
password field is overwritten with a "*".
-->
¤³¤Î¥×¥í¥°¥é¥à¤ò¥æ¡¼¥¶Ì¾¤ò¥Ñ¥é¥á¡¼¥¿¤È¤·¤Æ¼Â¹Ô¤·¤Þ¤¹¤È¡¢
¤½¤Î¥æ¡¼¥¶¤ËÂФ·¤Æ getpwnam ´Ø¿ô¤¬ÊÖ¤¹¾ðÊó¤¬Á´¤Æɽ¼¨¤µ¤ì¤Þ¤¹¡£
¤³¤ì¤Ë¤è¤Ã¤Æ¡¢¤É¤Î¥¨¥ó¥È¥ê¤¬´Ö°ã¤Ã¤Æ¤¤¤ë¤«¤¬¤ï¤«¤ë¤Ç¤·¤ç¤¦¡£
¤è¤¯¤¢¤ë´Ö°ã¤¤¤È¤·¤Æ¤Ï¡¢¥Ñ¥¹¥ï¡¼¥É¤Î¥Õ¥£¡¼¥ë¥É¤¬
"*" ¤Ë¤è¤Ã¤Æ¾å½ñ¤¤µ¤ì¤Æ¤¤¤ë¡¢¤Ê¤É¤¬¤¢¤ê¤Þ¤¹¡£
</Para>
<Para>
<!--O
GNU C Library 2.1 (glibc 2.1) comes with a tool called getent. Use this
program instead the above on such a system. You could try:
-->
GNU C Library 2.1 (glibc 2.1) ¤Ë¤Ï
<command>getent</command> ¤È¤¤¤¦¥Ä¡¼¥ë¤¬¤Ä¤¤¤Æ¤¤Þ¤¹¡£
¤½¤Î¤è¤¦¤Ê¥·¥¹¥Æ¥à¤Ç¤Ï¡¢¾åµ¤ÎÂå¤ï¤ê¤Ë¤³¤Á¤é¤ò»È¤¤¤Þ¤·¤ç¤¦¡£
<Screen>
% getent passwd
</Screen>
<!--O
or
-->
¤ä
<Screen>
% getent passwd login
</Screen>
¤Î¤è¤¦¤Ë»î¤·¤Æ¤ß¤Þ¤·¤ç¤¦¡£
</Para>
</Sect1>
<Sect1 id="bootup">
<!--O
<Title>Surviving a Reboot</Title>
-->
<Title>ºÆµ¯Æ°»þ¤Î¼«Æ°¼Â¹Ô</Title>
<!--NAKANO ¤¦¤Þ¤¤Ìõ´õ˾ :-) -->
<Para>
<!--O
Once you have NIS correctly configured on the server and client, you do need
to be sure that the configuration will survive a reboot.
-->
NIS ¤¬¥µ¡¼¥Ð¤ä¥¯¥é¥¤¥¢¥ó¥È¤ÇÀµ¤·¤¯ÀßÄê¤Ç¤¤¿¤é¡¢
¤³¤ÎÀßÄ꤬µ¯Æ°»þ¤Ë¤âÀµ¤·¤¯È¿±Ç¤µ¤ì¤ë¤«¤ò³Îǧ¤·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£
</Para>
<Para>
<!--O
There are two separate issues to check: the existence of an init script and
the correct storage of the NIS domain name.
-->
¥Á¥§¥Ã¥¯¤¹¤ëÅÀ¤Ï 2 ¤Ä¤¢¤ê¤Þ¤¹¡£
µ¯Æ°¥¹¥¯¥ê¥×¥È¤¬¤¢¤ë¤«¤É¤¦¤«¤È¡¢
NIS ¥É¥á¥¤¥ó̾¤¬Àµ¤·¤¤¾ì½ê¤ËÊݸ¤µ¤ì¤Æ¤¤¤ë¤«¤É¤¦¤«¡¢¤Ç¤¹¡£
</Para>
<Sect2>
<!--O
<Title>NIS Init Script</Title>
-->
<Title>NIS ÍѤε¯Æ°¥¹¥¯¥ê¥×¥È</Title>
<Para>
<!--O
In your version of Linux, you need to check your directory of init scripts,
typically <filename>/etc/init.d</filename>, <filename>/etc/rc.d/init.d
</filename> or <filename>/sbin/init.d</filename> to be sure there is a
startup script there for NIS. Usually this
file is called <filename>ypbind</filename> or <filename>ypclient</filename>.
-->
¤¢¤Ê¤¿¤Î»È¤Ã¤Æ¤¤¤ë Linux ¤Ç¤Î
µ¯Æ°¥¹¥¯¥ê¥×¥È¤ÎÃÖ¾ì½ê¤Ë¤Ê¤Ã¤Æ¤¤¤ë¥Ç¥£¥ì¥¯¥È¥ê¤òÄ´¤Ù¤Þ¤·¤ç¤¦¡£
<simplelist type="inline">
<member><filename>/etc/init.d</filename></member>
<member><filename>/etc/rc.d/init.d</filename></member>
<member><filename>/sbin/init.d</filename></member>
</simplelist>
¤Ê¤É¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤È»×¤¤¤Þ¤¹¡£
NIS ¤Îµ¯Æ°¥¹¥¯¥ê¥×¥È¤¬¤¢¤ë¤«¤É¤¦¤«³Îǧ¤·¤Þ¤·¤ç¤¦¡£
¥Õ¥¡¥¤¥ë¤Î̾Á°¤Ï¤Õ¤Ä¤¦
<filename>ypbind</filename> ¤È¤«
<filename>ypclient</filename> ¤È¤Ê¤Ã¤Æ¤¤¤ë¤è¤¦¤Ç¤¹¡£
</Para>
</Sect2>
<Sect2>
<!--O
<Title>NIS Domain Name</Title>
-->
<Title>NIS ¥É¥á¥¤¥ó̾</Title>
<Para>
<!--O
Perhaps the greatest issue that some people have with NIS is ensuring that
the NIS domain name is available after a reboot. According to Solaris 2.x,
the NIS domain name should be entered as a single line in:
-->
¤ª¤½¤é¤¯¤¢¤ë¼ï¤Î¿Í¡¹¤Ë¤È¤Ã¤Æ¡¢
NIS ¤ò»È¤¦¾å¤Ç¤ÎºÇÂç¤ÎÆñ´Ø¤Ï¡¢
NIS ¥É¥á¥¤¥ó̾¤òºÆµ¯Æ°¸å¤Ë¤â¼èÆÀ¤Ç¤¤ë¤è¤¦¤Ë¤¹¤ë¤³¤È¤Ç¤·¤ç¤¦¡£
Solaris 2.x ¤Ç¤Ï¡¢NIS ¥É¥á¥¤¥ó̾¤Ï
<Screen>
/etc/defaultdomain
</Screen>
<!--O
However, most Linux distributions does not seem to use this file.
-->
¤Ë 1 ¹Ô¤Ç½ñ¤«¤ì¤Æ¤¤¤Þ¤·¤¿¡£
¤·¤«¤·¡¢¤Û¤È¤ó¤É¤Î Linux ¥Ç¥£¥¹¥È¥ê¥Ó¥å¡¼¥·¥ç¥ó¤Ç¤Ï
¤³¤Î¥Õ¥¡¥¤¥ë¤Ï»È¤Ã¤Æ¤¤¤Ê¤¤¤è¤¦¤Ç¤¹¡£
</Para>
</Sect2>
<Sect2>
<!--O
<Title>Distribution-specific Issues</Title>
-->
<Title>¥Ç¥£¥¹¥È¥ê¥Ó¥å¡¼¥·¥ç¥ó¸ÇͤÎÏÃÂê</Title>
<Para>
<!--O
At this time, the following information is known about how various Linux
distributions handle the storage of the NIS domainname.
-->
¸½ºß¤Î¤È¤³¤í¡¢
¤¤¤í¤¤¤í¤Ê Linux ¥Ç¥£¥¹¥È¥ê¥Ó¥å¡¼¥·¥ç¥ó¤Ë¤ª¤±¤ë
NIS ¥É¥á¥¤¥ó̾¤ÎÊݴɾì½ê¤Ï¡¢°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤è¤¦¤Ç¤¹¡£
</Para>
<Sect3>
<Title>Caldera 2.<emphasis>x</emphasis></Title>
<Para>
<!--O
Caldera uses the file <filename>/etc/nis.conf</filename> which has the same format
as the normal <filename>/etc/yp.conf</filename>.
-->
Caldera ¤Ï <filename>/etc/nis.conf</filename>
¥Õ¥¡¥¤¥ë¤òÍѤ¤¤Æ¤¤¤ë¤è¤¦¤Ç¤¹¡£½ñ¼°¤ÏÄ̾ï¤Î
<filename>/etc/yp.conf</filename> ¤ÈƱ¤¸¤Ç¤¹¡£
</Para>
</Sect3>
<Sect3>
<Title>Debian</Title>
<Para>
<!--O
Debian appears to follow Sun's usage of <filename>/etc/defaultdomain</filename>.
-->
Debian ¤Ï Sun ¤ÈƱ¤¸¤¯
<filename>/etc/defaultdomain</filename>
¤ò»È¤Ã¤Æ¤¤¤ë¤è¤¦¤Ç¤¹¡£
</Para>
</Sect3>
<Sect3>
<Title>Red Hat 6.<emphasis>x</emphasis>, 7.<emphasis>x</emphasis></Title>
<Para>
<!--O
Create or modify the variable <Command>NISDOMAIN</Command> in the file
<filename>/etc/sysconfig/network</filename>.
-->
<filename>/etc/sysconfig/network</filename> ¥Õ¥¡¥¤¥ë¤Î
<command>NISDOMAIN</command> ÊÑ¿ô¤ò (¤Ê¤±¤ì¤ÐºîÀ®¤·¤Æ)
½¤Àµ¤·¤Æ¤¯¤À¤µ¤¤¡£
</Para>
</Sect3>
<Sect3>
<Title>SuSE Linux</Title>
<Para>
<!--O
Modify the variable <command>YP_DOMAINNAME</command> in <filename>/etc/rc.config</filename> and then run the command <command>SuSEconfig</command>.
-->
<filename>/etc/rc.config</filename> ¥Õ¥¡¥¤¥ë¤Î
<command>YP_DOMAINNAME</command> ÊÑ¿ô¤ò½¤Àµ¤·¤Æ¡¢
<command>SuSEconfig</command> ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¤¯¤À¤µ¤¤¡£
</Para>
</Sect3>
</Sect2>
</Sect1>
<Sect1 id="problems">
<!--O
<Title>Common Problems and Troubleshooting NIS
-->
<Title>NIS ¤Ç¤è¤¯¤ª¤³¤ëÌäÂê¤È¤½¤Î²ò·èÊýË¡
<IndexTerm><Primary
>NIS!troubleshooting</Primary></IndexTerm>
<IndexTerm><Primary
>NIS!problems with</Primary></IndexTerm>
</Title>
<Para>
<!--O
Here are some common problems reported by various users:
-->
°Ê²¼¤Î¤è¤¦¤ÊÌäÂ꤬¿¤¯¤Î¥æ¡¼¥¶¤«¤éÊó¹ð¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
</Para>
<Para>
<OrderedList>
<ListItem>
<Para>
<!--O
The libraries for 4.5.19 are broken. NIS won't work with it.
-->
¥Ð¡¼¥¸¥ç¥ó 4.5.19 ¤Î¥é¥¤¥Ö¥é¥ê¤Ï²õ¤ì¤Æ¤ª¤ê NIS ¤ÏÆ°ºî¤·¤Þ¤»¤ó¡£
</Para>
</ListItem>
<ListItem>
<Para>
<!--O
If you upgrade the libraries from 4.5.19 to 4.5.24 then the
su command breaks. You need to get the su command from the
slackware 1.2.0 distribution. Incidentally that's where you
can get the updated libraries.
-->
¥é¥¤¥Ö¥é¥ê¤ò 4.5.19 ¤«¤é 4.5.24 ¤Ë¥¢¥Ã¥×¥°¥ì¡¼¥É¤¹¤ë¤È
<command>su</command> ¥³¥Þ¥ó¥É¤¬»È¤¨¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£
¤³¤Î¾ì¹ç¤Ï <command>su</command> ¥³¥Þ¥ó¥É¤ò Slackware 1.2.0
¤«¤éÆþ¼ê¤·¤Þ¤¹¡£¤Ä¤¤¤Ç¤ËºÇ¿·¤Î¥é¥¤¥Ö¥é¥ê¤âƳÆþ¤·¤Æ¤·¤Þ¤¦¤ÈÎɤ¤¤Ç¤·¤ç¤¦¡£
<!--SHOM 1.2.0 ¤È¤Ï¡¢¤Õ¡¢¸Å¤¤¡Ä¡£ºÇ¿·¤Ç¤Ï¤É¤¦¤Ê¤Ã¤Æ¤ë¤ó¤Ç¤·¤ç¤¦¡£-->
</Para>
</ListItem>
<ListItem>
<Para>
<!--O
When a NIS server goes down and comes up again ypbind starts
complaining with messages like:
-->
NIS ¥µ¡¼¥Ð¤òºÆµ¯Æ°¤µ¤»¤¿ºÝ¡¢<command>ypbind</command> ¤¬
<screen>
yp_match: clnt_call:
RPC: Unable to receive; errno = Connection refused
</screen>
<!--O
and logins are refused for those who are registered in the
NIS database. Try to login as root and kill
ypbind and start it up again. An update to ypbind 3.3 or higher
should also help.
-->
¤Î¤è¤¦¤Ê¥á¥Ã¥»¡¼¥¸¤òɽ¼¨¤·¡¢
NIS ¤Î¥Ç¡¼¥¿¥Ù¡¼¥¹¤ËÅÐÏ¿¤µ¤ì¤Æ¤¤¤ë¿Í¤¬¥í¥°¥¤¥ó¤Ç¤¤Ê¤¯¤Ê¤ë¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£
root ¤Ç¥í¥°¥¤¥ó¤·¤Æ <command>ypbind</command> ¤ò
kill ¤·¡¢<command>ypbind</command> ¤òµ¯Æ°¤·¤Ê¤ª¤·¤Æ¤ß¤Æ²¼¤µ¤¤¡£
ypbind 3.3 °Ê¹ß¤Ë¥¢¥Ã¥×¥Ç¡¼¥È¤·¤Æ¤â²ò·è¤Ç¤¤ë¤È»×¤¤¤Þ¤¹¡£
</Para>
</ListItem>
<ListItem>
<Para>
<!--O
After upgrading the libc to a version greater then 5.4.20, the YP tools
will not work any longer. You need yp-tools 1.2 or later for
libc >= 5.4.21 and glibc 2.x. For earlier libc version you need
yp-clients 2.2. yp-tools 2.x should work for all libraries.
-->
libc ¤ò 5.4.20 °Ê¾å¤ÎÈǤ˥¢¥Ã¥×¥°¥ì¡¼¥É¤¹¤ë¤È¡¢
YP tools ¤¬Æ°ºî¤·¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£
libc >= 5.4.21 ¤ª¤è¤Ó glibc 2.x ¤Ë¤Ï
yp-tools 1.2 ¤¬É¬ÍפǤ¹¡£
¤½¤ì°ÊÁ°¤ÎÈǤΠlibc ¤Ë¤Ï yp-clients 2.2 ¤¬É¬ÍפǤ¹¡£
yp-tools 2.x ¤Ê¤é¤¹¤Ù¤Æ¤Î¥é¥¤¥Ö¥é¥ê¤ÇÆ°ºî¤·¤Þ¤¹¡£
</Para>
</ListItem>
<ListItem>
<Para>
<!--O
In libc 5.4.21 - 5.4.35 yp_maplist is broken, you need 5.4.36 or later,
or some YP programs like ypwhich will segfault.
-->
libc 5.4.21-5.4.35 ¤Î yp_maplist ¤Ï²õ¤ì¤Æ¤¤¤Þ¤¹¡£
yp-tools 1.x ¤òÍѤ¤¤ë¤Ë¤Ï 5.4.36 °Ê¹ß¤¬É¬ÍפǤ¹¡£
¤µ¤â¤Ê¤¤¤È ypwhich ¤Ê¤É¤Î
YP ¥×¥í¥°¥é¥à¤Ï segfault ¤·¤Æ¤·¤Þ¤¦¤Ï¤º¤Ç¤¹¡£
</Para>
</ListItem>
<ListItem>
<Para>
<!--O
libc 5 with traditional NIS doesn't support shadow passwords over NIS.
You need libc5 + NYS or glibc 2.x.
-->
libc5 ¤È trad-NIS ¤Ï shadow ¥Ñ¥¹¥ï¡¼¥É¤Î NIS ¤Ç¤ÎÇÛÉÛ¤ò¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó¡£
libc5 + NYS ¤Þ¤¿¤Ï glibc 2.x ¤òÍѤ¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
</Para>
</ListItem>
<ListItem>
<Para>
ypcat shadow doesn't show the shadow map. This is correct, the name of
the shadow map is shadow.byname, not shadow.
<!--O
ypcat ¤Ï "shadow" ¥Þ¥Ã¥×¤òɽ¼¨¤·¤Þ¤»¤ó¡£¤³¤ì¤ÏÀµ¤·¤¤Æ°ºî¤Ç¤¹¡£
shadow ¥Þ¥Ã¥×¤Î̾Á°¤Ï "shadow.byname" ¤Ç¤¹¤«¤é¡£
-->
</Para>
</ListItem>
<ListItem>
<Para>
<!--O
Solaris doesn't use always privileged ports. So don't use password
mangling if you have a Solaris client.
-->
Solaris ¤Ïɬ¤º¤·¤âÆø¢¥Ý¡¼¥È¤òÍѤ¤¤Þ¤»¤ó¡£½¾¤Ã¤Æ
Solaris ¤Î¥¯¥é¥¤¥¢¥ó¥È¤¬¤¢¤ë¾ì¹ç¤Ï¥Ñ¥¹¥ï¡¼¥É mangling ¤òÍѤ¤¤Æ¤Ï
¤¤¤±¤Þ¤»¤ó¡£
<!--NAKANO password mangling ¤Ï¤É¤¦Ìõ¤¹¤Î¤¬¤¤¤¤¡©-->
</Para>
</ListItem>
</OrderedList>
</Para>
</Sect1>
<Sect1 id="faq">
<!--O
<Title>Frequently Asked Questions
-->
<Title>¤è¤¯¤¢¤ë¼ÁÌä (FAQ)
<IndexTerm><Primary
>NIS!frequently asked questions</Primary></IndexTerm>
</Title>
<Para>
<!--O
Most of your questions should be answered by now. If there are still
questions unanswered you might want to post a message to
-->
¤¢¤Ê¤¿¤¬µ¿Ìä¤Ë»×¤Ã¤Æ¤¤¤¿¤³¤È¤Ï¤³¤³¤Þ¤Ç¤ËÂçÉôʬ¤¬²ò·è¤µ¤ì¤¿¤³¤È¤È»×¤¤¤Þ
¤¹¤¬¡¢¤Þ¤Àµ¿ÌäÅÀ¤¬»Ä¤Ã¤Æ¤¤¤Þ¤·¤¿¤é¡¢
<SimpleList>
<member>comp.os.linux.networking</member>
</SimpleList>
¤Ê¤É¤Ë¼ÁÌ䤹¤ë¤ÈÎɤ¤¤È»×¤¤¤Þ¤¹¡£
</Para>
<Para>
ÌõÃí¡§ÆüËܸì¤Î¥Ë¥å¡¼¥¹¥°¥ë¡¼¥×¤È¤·¤Æ¤Ï
<SimpleList>
<member>fj.os.linux</member>
<member>japan.comp.linux</member>
</SimpleList>
¤Ê¤É¤¬Îɤ¤¤Ç¤·¤ç¤¦¡£
</Para>
<Para>
Ìõ¼Ô¤Î¥Ú¡¼¥¸
(<ULink URL="http://surf.ap.seikei.ac.jp/~nakano/linux/NIS-j.html"
>http://surf.ap.seikei.ac.jp/~nakano/linux/NIS-j.html</ULink>)
¤Ë¤Ï¡¢¸Ä¿ÍŪ¤Ê¥¤¥ó¥¹¥È¡¼¥ëÂθ³µ¤¬½ñ¤¤¤Æ¤¢¤ë¤Û¤«¡¢
¤³¤Îʸ½ñ¤Ç¾Ò²ð¤µ¤ì¤Æ¤¤¤ë¥½¥Õ¥È¥¦¥§¥¢Æþ¼êÀè¤Î¥ß¥é¡¼¤Î¤¦¤Á¡¢
¹ñÆâ¤Î¤â¤Î¤ò¾Ò²ð¤·¤Æ¤¤¤Þ¤¹¡£
</Para>
</Sect1>
</Article>
distrib
>
Mandriva
>
2010.0
>
i586
>
media
>
contrib-release
>
by-pkgid
>
3f27d401a80d7d3c15cf3ec07667d5ed
>
files
>
82
