The Linux NIS(YP)/NYS/NIS+ HOWTO
Thorsten Kukuk
ìY - (ú{êó)
v1.1.1, 18 November 2000
±Ì¶ÅÍ Linux ð NIS(YP) Ü½Í NIS+ ÌNCAgÉÝè·éû
@A¨æÑ NIS T[oðCXg[·éû@É¢Äq×Ü·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
Table of Contents
1. ͶßÉ
1.1. ±Ì¶ÌÅVÅ
1.2. ÆÓ
1.3. tB[hobNÆ¡ãÌüÅ
1.4. Ó«
2. pêWÆêÊIÈîñ
2.1. pêW
2.2. êÊIÈîñ
3. NIS © NYS © NIS+ ©
3.1. libc 4/5 ÅÍ trad-NIS ©A»êÆà NYS Cu©H
3.2. glibc 2 Æ NIS/NIS+
3.3. NIS © NIS+ ©H
4. ®ì´
4.1. NIS Ì®ì´
4.2. NIS+ Ì®ì´
5. RPC |[g}bp
6. NIS ÌÝè
6.1. }X^[T[oAX[uT[oANCAgðßé
6.2. \tgEFA
7. NIS NCAgÌÝè
7.1. ypbind f[
7.2. trad-NIS ðp¢½ NIS NCAgðZbgAbv·é
7.3. NYS ðp¢½ NIS NCAgðZbgAbv·é
7.4. glibc 2.x ðp¢½ NIS NCAgðZbgAbv·é
7.5. nsswitch.conf t@C
7.6. Shadow pX[hÆ NIS
8. NIS+ ÌÝè
8.1. \tgEFA
8.2. NIS+ NCAgÌZbgAbv
8.3. NIS+, keylogin, login ¨æÑ PAM
8.4. nsswitch.conf t@C
9. NIS T[oÌÝè
9.1. T[ovO ypserv
9.2. T[ovO yps
9.3. rpc.ypxfrd vO
9.4. rpc.yppasswdd vO
10. NIS/NYS CXg[Ì`FbN
11. ÄN®Ì©®Às
11.1. NIS pÌN®XNvg
11.2. NIS hC¼
11.3. fBXgr
[VÅLÌbè
12. NIS Å樱éâèÆ»Ìðû@
13. æ é¿â (FAQ)
1. ͶßÉ
Linux }VÍÇñÇñlbg[NÉÚ±³êéæ¤ÉÈÁīܵ½BÜ
½lbg[NÇÌȪ»Ì½ßÉAÙÆñÇÌlbg[N (ÁÉ Sun ª
x[XÉÈÁÄ¢élbg[N) ÅÍ NIS ª®¢Ä¢Ü·B Linux }V
ÅÍA±êçÌ NIS T[rXð]·Æ±ëÈó¯½èAܽñµ½è·é
±ÆªÅ«Ü·Bܽ Linux }VÍA®SÉ@\·é NIS+ NCAgÆ
µÄ®ì³¹é±ÆàÅ«Ü·B½¾µ±¿çÍܾx[^ÌiKÅ·B
±Ì¶Í Linux }VÉ NIS(YP) Æ NIS+ ðZbgAbv·éû@É¢
ÄLqµ½àÌÅ·B¢¸êðÌp·éɵÄà Section 5 ÍK¸Çñź³
¢B
NIS-HOWTO Í Thorsten Kukuk <kukuk@suse.de> ÉæÁÄÒWEdzêÄ¢
Ü·B
ÈOÌ NIS-HOWTO ÍAȺÌlXÉæÁÄ·M³êܵ½BÞçɴӵܷ
B
Andrea Dell'Amico
Mitchum DSouza
Erwin Embsen
Peter Eriksson
óF v0.2 Ìú{êóͪÝǪ³ñÉæÁÄöJ³êܵ½B 0.6 ÖÌÇ
ÆÈ~ÌÇÍìYªsÁĢܷB
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
1.1. ±Ì¶ÌÅVÅ
±Ì¶ÌÅVÅÍ¢ÂÅà WWW Å{·é±ÆªÅ«Ü·B URL Í http:/
/www.suse.de/~kukuk/nis-howto/HOWTO/NIS-HOWTO.html Å·B
±ÌhL
gÌÅVÅÍA Linux ÖAÌ WWW TCgâ FTP TCgÉào
^³êÜ·Bà¿ëñ LDP Ìz[y[WÉà èÜ·B
|ó¶ÖÌNÍ http://www.suse.de/~kukuk/nis-howto/ ÉWßçêÄ
¢Ü·B
óFú{êÅ̶ÌÅVÅÍ JF Project Ìy[W <http://
www.linux.or.jp/JF/JFdocs/NIS-HOWTO/> Éu©êÜ·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
1.2. ÆÓ
±Ì¶ÍÍÌm¯ðÅåÀWßÄ¢½ÂàèÅ·ªA³mÅÈ¢ªà
é©àµêܹñB±Ì¶ÅÐîµÄ¢évOÉ¢ÄÍA»ê¼ê
Ét®µÄ¢é README t@CðK¸Çñź³¢B»êçÉÍæèÚµ¢
à¾âæè³mÈîñª©êÄ¢é͸ŷÌÅBà¿ëñ±ÌhL
gàū龯Ôá¢ÌÈ¢àÌɵĢ«½¢Æl¦Ä¢Ü·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
1.3. tB[hobNÆ¡ãÌüÅ
±Ì¶ÉÖ·é¿ââRgª èܵ½çA¨CyÉ Thorsten Kukuk
ÜÅ[𺳢BAhXÍ <kukuk@suse.de> Å·BñÄâá»à½}µ
Ü·B±Ì¶Éëèð©Â¯½çAÉAµÄº³êÎÌÅÅù³µÜ
·Bæ뵨袵ܷB
óF|óÉηéRgÍìY <nakano@apm.seikei.ac.jp> ÜŨè
¢µÜ·B
ȨA È½Ì Linux zzpbP[WÉÁLÌâèÉÖµÄÍÉ[ð
çȢź³¢IÍ·×ÄÌzzpbP[WðmÁÄ¢éóÅÍ èܹñ
B½¾Aàµð@àÁÄ¢½¾¯êÎA¶ÉÇÁµ½¢ÆÍvÁÄ¢Ü
·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
1.4. Ó«
±ÌhL
gð쬷éÉ ½ÁÄA¼ÚI é¢ÍÔÚIɨ¢bÉÈ
èܵ½ÈºÌûXɴӵܷBAt@xbgÉF
Byron A Jeff
Markus Rex
Miquel van Smoorenburg
Dan York
yp-clients ÌIWiR[hÍ Theo de Raadt ÉæÁÄ쬳êܵ½B
Swen Thuemmler ª yp-clients ÌR[hð Linux ÉÚAµA yp ÖAÌ[
` (±êà Theo Ìd) ð libc ÉÚAµÜµ½B Thorsten Kukuk Í
GNU libc 2.x ü¯Ì NIS(YP) Æ NIS+ Ì[`ðXNb`©ç«Üµ
½B
óFú{êóÉ ½ÁÄÍAÚ×ÈZ³ðµÄº³Á½¼{¯i³ñEä
Lõ³ñðͶßA JF [OXgÌF³ñɨ¢bÉÈèܵ½B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
2. pêWÆêÊIÈîñ
2.1. pêW
±ÌhL
gÅͽÌȪêªgíêĢܷBȺÉdvÈàÌÌ
à¾ðÈPɰĨ«Ü·B
DBM
f[^x[X}lWg (DataBase Management)BõL[Æf[^Æ
ÌyAðÇ·éf[^x[X@\ðÁ½Cu̱ÆB
DLL
®INCu (Dynamically Linked Library)BvOÌÀs
ÉN³êéCu̱ÆB
domainname
NIS T[oªs·éL[[hB NIS NCAg¤ªgp·é NIS
T[oðÁè·éÌÉp¢çêéB±Ì domainname Í DNS Ì "domain"
Ư¶àÌÉ·éKvÍÈAÞµëÊɷ׫ŠéB
FTP
t@C]vgR (File Transfer Protocol)BRs
[^ÔÅt
@Cð]·éÉp¢çêévgRÌêÂB
libnsl
l[T[rXCu (Name services libraly)B SVR4 Unix ɨ¯
él[T[rXÖAÌ½ß (getpwnam, getservbyname ÈÇ) ÌCu
B GNU libc ÅÍ NIS (YP) ¨æÑ NIS+ @\ɱÌCuðp
¢éB
libsocket
SVR4 Unix ÅA\PbgÖWÌVXeR[ (socket, bind, listen È
Ç) ðñ·éCuB
NIS
lbg[NîñT[rX (Network Information Service)Blbg[
NãÌ·×ÄÌvZ@ÅKvÈîñð¤L·éT[rX̱ÆB Linux Ì
W libc CuÉÍ NIS ÌT|[gªÜÜêĨèA±êð±Ì¶
ÅÍ "trad-NIS" ÆL·B
(óF´¶ÅÍ "traditional NIS" ŵ½ªA·¢ÌÅóÒªèÉ¢
êµÜµ½)
NIS+
Network Information Service (Plus)Bî{IÉÍ NIS ð@\Abvµ½
àÌB NIS+ Í Sun Microsystems Inc. ÉæÁÄÝv³êA NIS ðãp
·éàÌƳêÄ¢éBZL
eBª»³êAå«ÈVXeɱü
·é̪eÕÉÈÁÄ¢éB
NYS
NYS ÍuNIS+, YP, Switchvð\·vWFNg¼Å éB Peter
Eriksson <pen@signum.se> ªÇµÄ¢éB±ÌvWFNgÅÍ NIS(=
YP) ÌR[hð 0 ©çÄÀµÄ¨èA NYS CuÌl[T[r
XXCb`@\ðp·éæ¤ÉÈÁÄ¢éB
NSS
l[T[rXXCb` (Name Service Switch)B /etc/nsswitch.conf
t@CÉæÁÄAeíÌîñÌNGXgÉεÄÇñÈÔÅõð
s¤©ðè·éB
RPC
[gvVW[R[ (Remote Procedure Call)B C vOà
Å RPC [`ðp·êÎAlbg[NãÉ é¼ÌvZ@ãÌè±
« (Tu[`) ðÄѾ·±ÆªÅ«éBÊí̶¬É¨¢ÄÍ Sun
Ì RPC ÀÌÓ¡Åp¢çêé±Æª½¢B
YP
CG[y[W (Yellow Pages (TM)) Yellow Pages Íp British
Telecom ÐÌo^¤WB
TCP-IP
Transmission Control Protocol/Internet Protocol ̪B TCP/IP Í
Unix ÅñíÉægíêÄ¢éf[^ÊMvgRÅ éB
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
2.2. êÊIÈîñ
ȺÌàeÍ Sun(tm) System & Network Administration Manual ©çÌøp
Å·B
NIS Í©ÂÄTECG[y[W (Sun Yellow Pages, YP) ÆÄÎêÄ
¢Üµ½Bµ©µuYellow PagesvÍp British Telecom ÐÌo^¤W
ÅA³gp·é±ÆªÅ«Ü¹ñÌÅANIS ÆÄÔ±Æɵܵ½
B
NIS Í Network Information Service ̪ŷBlbg[NãÌ·×ÄÌv
Z@ŤL·×«îñðñ·é½ßÉp¢çêÜ·B NIS Åñ³êéîñ
ÆÍAá¦ÎȺÌæ¤ÈàÌÅ·B
E OC¼ApX[hAz[fBNg (/etc/passwd)
E O[vîñ (/etc/group)
á¦ÎA ȽÌpX[hª NIS ÌpX[hf[^x[XÉo^³êÄ¢
éƵܵå¤B·éÆ È½ÍA»±Å NIS ÌNCAgvOª®
¢Ä¢êÎAlbg[NãÌÇÌvZ@ÉàOC·é±ÆªÅ«éæ¤
ÉÈéÌÅ·B
Sun Í Sun Microsystems Ð̤WÅ èA SunSoft ÐÉCZX^³ê
ĢܷB
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
3. NIS © NYS © NIS+ ©
3.1. libc 4/5 ÅÍ trad-NIS ©A»êÆà NYS Cu©H
trad-NIS ðp¢é© NYS CuÌ NIS R[hðp¢é©ÍAuá@\¾
ªÀèvðÆé©u_`¯vðÆé©ÌIðƾ¦Ü·B
trad-NIS ÌR[hÍW C CuÉüÁÄ©ç¾¢ÔoÁĢܷB¶
ÜêªÃ¢ªAââ_î«É¯éÆ±ëª èÜ·B
êû NYS CuÌ NIS R[hðp¢éÉÍA libc CuðÄR
pCµÄ libnsl ÌR[hð libc ÌÉÜßéKvª èÜ· (»Ìæ¤
ÉRpC³ê½ libc CuðüèÅ«é©àµêܹñ)B
ܽ trad-NIS ÌR[hÅÍ NIS ÌlbgO[v@\ªg¦Ü·ªA NYS
ÌR[hÉÍÀ³êĢܹñBtÉ NYS ÌR[hÅÍ Shadow Password
ð§ßIɵ¤±ÆªÅ«éæ¤ÉÈÁĢܷªA trad-NIS ÌR[hÍ
NIS ãÅÌ Shadow pX[hðT|[gµÄ¢Ü¹ñB
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
3.2. glibc 2 Æ NIS/NIS+
GNU C Library 2.x (libc6) ðgÁÄ¢éêÍAÈãÌSÄÍYêĺ³¢
B libc6 ÅÍ NSS (l[XCb`T[rX) ð®SÉT|[gµÄ¨èAñ
íÉ_îÈ^pªÅ«éæ¤ÉÈÁĢܷBÜ½ÈºÌ NIS^NIS+ }bvª
T|[g³êĢܷ: aliases, ethers, group, hosts, netgroups,
networks, protocols, publickey, passwd, rpc, services, shadow. GNU C
Library ÅÍA shadow pX[hð NIS ÅÜÁ½âèȵ¤±ÆªÅ«
Ü·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
3.3. NIS © NIS+ ©H
Ç¿çðIÔ©YÞKvÍ èܹñBÁÉZL
eBÉßqÉÈéKvª
È©Á½èA NIS+ ðgíËÎÈçÈ¢RªÈ¢ÌÈçANIS ðg¢Üµå
¤B NIS+ ÌÇ͸ÁÆåÏÅ· (NCAg¤ÅÍ»êÙÇÅà èÜ
¹ñªAT[o[ÇÍnÅ·)B»êÉ Linux ãÅÌ NIS+ ÍܾJi
KÈÌÅ·Bp·éÉÍÅVÅÌ glibc 2.1 ªKvª èÜ·B¿åÁÆ
µÄݽ¢êÉÍAglibc Ì NIS+ T|[gð libc5 ÉÚAµ½àÌà¶Ý
µÜ· (½¾µ±êÍ¢T|[g)B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
4. ®ì´
4.1. NIS Ì®ì´
ÈÆà 1 äÌ NIS ÌT[o[ªlbg[NãÉKvÅ·B¡ÌT[
oðÒ®³¹é±ÆàÅ«Ü·B±ÌêÍ»ê¼êðÙÈÁ½ NIS uhC
vÌT[oÆ·é©A é¢Í 2 äÌT[oðÐÆÂÌhCãŦ²µ
Į쳹é±ÆÉÈèÜ·BãÒÌ\¬ÅÍ 1 äÌT[oªu}X^[T[
ovÆÈèA»Ì¼ÌT[oÍSÄuX[uT[ovÆÄÎêÜ· (1 ÂÌ
uhCvÉηé\¬Å·)BhCð¡A»ê¼êÉηéT[oà
¡AÆ¢Á½æ¤È\¬àÂ\Å·B
X[uT[oÍA}X^[T[oÌ NIS f[^x[XÌRs[Û¾¯ðµ
Ü·B}X^[T[oÌ NIS f[^x[XªÏX³êéÆAê»êðó¯æ
èÜ·Blbg[NÉÚ±³êÄ¢évZ@ÌäÆlbg[NÌM«
ðl¶µAX[uT[oðCXg[·é©Ç¤© (CXg[·éê
Í»Ìä) ðßĺ³¢B NIS NCAgÍANIS T[oªu¿Ä
v¢½èAX|Xªx©Á½è·éêÉÍA¿Ä¢È¢T[oâàÁ
ÆX|X̬¢T[oÆÌÚ±ðÝÜ·B
NIS f[^x[XÍ ASCII `®Ìf[^x[X©çÏ·³ê½A¢íäé DBM
tH[}bgÉÈÁĢܷBá¦Î /etc/passwd â /etc/group Æ¢Á½t
@CÍA ASCII-DBM Ï·vO (makedbm: T[o\tgÉüÁÄ¢Ü
·) ðgÁÄ¼Ú DBMtH[}bgÉÏ·Å«Ü·B NIS Ì}X^[T[oÍ
A ASCII `®Æ DBM `®Ìf[^x[XÆ̼ûðÁÄ¢ÈÄÍÈèÜ
¹ñB
X[uT[oÍ NIS }bvªÏX³êéÆÊmðó¯Ü· (yppush vO
ªp¢çêÜ·)B·éÆX[uT[oÍKvÈÏXðs¢Af[^x[
Xð¯ú³¹Ü·B NIS NCAgɱÌæ¤ÈìÆð·éKvÍ èܹ
ñBNCAgÍíÉÅVÌ DBM f[^x[XÌàeð NIS T[oÉÇÝ
És©çÅ·B
ypbind Ìâo[WÅÍA®ìÌ NIS T[oðT·ÌÉu[hL
Xgðp¢Ä¢Üµ½B±êÉÍZL
eBãÌâèª èܵ½BȺÈ
çN©ª NIS T[oðCXg[µÄAu[hLXgÌâ¢í¹É
¦éæ¤ÉÅ«é©çÅ·BVµ¢o[WÌ ypbind (ypbind-3.3 ܽÍ
ypbind-mt) ÅÍAT[oðÝèt@C©çæ¾Å«Ü· - µ½ªÁÄu
[hLXgÍsvÅ·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
4.2. NIS+ Ì®ì´
NIS+ Í Sun ÉæéVµ¢lbg[NCtH[VT[rXÅ·B
NIS Æ NIS+ ÌÅàå«Èá¢ÍANIS+ ÅÍf[^ÌÃ»Æ secure RPC ð
ʵ½FØƪÂ\ÉÈÁÄ¢é_Å·B
NIS+ ̽¼fÍc[\¢ÉîâĢܷBc[Ì»ê¼êÌm[h
ª NIS+ ÌIuWFNgÉεĨèA±êÉÍZÂÌ^Cvª èÜ·B
fBNg (directory), Gg (entry), O[v (group), N
(link), e[u (table), vCx[g (private) Å·B
NIS+ ̼OóÔÅ[gÆÈé NIS+ fBNgÍ root fBNgÆÄ
ÎêÜ·B NIS+ ÉÍñÂÌÁÊÈfBNgª¶ÝµÜ·B org_dir Æ
groups_dir Å·B org_dir fBNgÉÍ·×ÄÌÇe[uªÜÜê
Ü·Bá¦Î passwd, hosts, mail_aliases ÈÇÅ·B groups_dir fBN
gÉÍANZXRg[Ép¢çêé NIS+ O[vIuWFNgªÜ
ÜêÜ·B org_dir Æ groups_dir ¨æÑ»êçÌefBNgðWß½à
̪ NIS+ hCƵÄQƳêÜ·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
5. RPC |[g}bp
±ê©çྵĢ\tgEFA𮩷½ßÉÍAܸ /usr/sbin/
rpc.portmap ð®ì³¹Ä¨Kvª èÜ·B Linux ÌzzpbP[WÌ
ÉÍA±Ìf[ð§¿ã°é½ßÌR}hª /sbin/init.d/ â /etc/
rc.d/ É«ñÅ éàÌà èÜ·ÌÅA»ÌêÍYªðAR
gµÄu[g·é¾¯Å·BÀÛÌâèûÍfBXgr
[VÌh
L
gðÇÝܵå¤B
RPC |[g}bp (portmap(8)) ÍA RPC vOÔð TCP/IP |[gÔ
ÉÏ··éT[ovOÅ·B NIS NCAgvOªâÁÄ¢
éæ¤ÉA RPC T[o (NIS T[oÈÇ) É RPC ÄѾµðs¤ÉÍA RPC
|[g}bpª®¢Ä¢éKvª èÜ·B RPC T[ovOÍAÄ·
é TCP/IP |[gÔÆf[^ðñ·é RPC vOÔðAN®É|
[g}bpÉ`¦Ü·BNCAgvOªA é RPC vOÔ
ÉR[ðs¤ÛÉÍAܸT[o}VãÌ RPC |[g}bpÆðMµÄA
ÇÌ TCP/IP |[gÔÉ RPC ÌpPbgðêÎǢ̩ðèµÜ·B
RPC T[ovOÍ inetd(8) ©çàN®Å«Ü·ªA»ÌêÍ inetd
æèOÉ RPC |[g}bpðN®·éæ¤ÉµÄº³¢B
secure RPC ðp¢éêÉÍA|[g}bpÍ time T[rXðKvƵܷ
B·×ÄÌzXgÌ /etc/inetd.conf ÅAȺÌæ¤É time T[rXªp
Â\ÉÈÁÄ¢é±ÆðmFµÄº³¢B
#
# Time service is used for clock syncronization.
#
time stream tcp nowait root internal
time dgram udp wait root internal
dvFÝèt@CÏXµ½ Æ inetd ðÄN®·éÌðYêÈ¢±Æ!
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
6. NIS ÌÝè
6.1. }X^[T[oAX[uT[oANCAgðßé
ܸȺÌñÂÌêðl¦éKvª èÜ·B
1. Ú±·élbg[NãÉ NIS T[oª éêB
2. Ú±·élbg[NãÉ NIS T[oªÈ¢êB
ÅÌP[XÅÍ ypbind, ypwhich, ypcat, yppoll, ypmatch Æ¢Á½NC
AgvOðN®·é¾¯Åg¦éæ¤ÉÈèÜ·BêÔdvÈÌÍ
ypbind ÅA±ÌvOÍíÉÀs³êÄ¢éKvª èÜ· (ÂÜè ps
R}hðÀsµ½Æ«ÉvZXe[uÉ\¦³êȯêÎÈèܹñ)B
ypbind Í¢íäéf[vZXÅAVXeÌX^[gAbvt@C©
çN®·éKvª èÜ· (ÂÜè /etc/init.d/nis, /sbin/init.d/
ypclient, /etc/rc.d/init.d/ypbind, /etc/rc.local ÈÇ)B ypbind ªN®
³êêÎA»ÌvZ@Í»Ì_©ç NIS NCAgÆÈèÜ·B
ñÔÚÌP[XAÂÜè NIS T[oªÈ¢êÉÍA NIS T[ovO
(ÊíÍ ypserv) àKvÆÈèÜ·B±Ì¶Ì Section 9 ÅÍA±Ì
ypserv f[ðp¢Ä Linux }Vð NIS T[oÉÝè·éû@É¢Ä
ྵĢܷB
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
6.2. \tgEFA
o[W 4.4.2 È~ÌVXeCu /usr/lib/libc.a àµÍ¤L
Cu /lib/libc.so.x ÉÍA NIS ÌNCAgET[ovOÌ
RpCÉKvÈVXeR[ª·×ÄÜÜêĢܷB GNU C Library
2 (glibc 2.x) ÅÍ /lib/libnsl.so.1 àKvÅ·B
NIS Í /usr/lib/libc.a Ìo[W 4.5.21 Èãŵ©®©È¢Æ¢¤ñ
ª èÜ·ÌÅAÀS̽ßÉÍâàÌÍgíÈ¢ûªÇ¢Åµå¤B NIS
ÌNCAgvOÍȺÅüèÅ«Ü·B
Site and Directory Filename
ftp.kernel.org:/pub/linux/utils/net/NIS yp-tools-2.4.tar.gz
ypbind-mt-1.7.tar.gz
ypbind-3.3.tar.gz
ypbind-3.3-glibc5.diff.gz
\tgðèÉüê½çA¯«³êÄ¢éà¾Éµ½ªÁĺ³¢B yp-clients
2.2 Í libc4 Ü½Í 5.4.20 ÜÅÌ libc5 ƤÉp¢Äº³¢B libc
5.4.21 È~Æ glibc 2.x ÉÍ yp-tools 1.4.1 È~ªKvÅ·BVµ¢
yp-tools Ìo[W 2.4 ÍA·×ÄÌ Linux libc Å®ìµÜ·B 5.4.21
©ç 5.4.35 ÜÅÌ libc ÍA NIS ÌR[hÉoOª éÌÅgíÈ¢ûªÇ
¢Åµå¤B libc 5.4.36 È~ðgíÈ¢ÆAÙÆñÇÌ YP vOÍ®
ìµÈ¢Åµå¤B ypbind 3.3 à·×ÄÌCuÅ®ìµÜ·B gcc
2.8.x È~© egcsA glibc 2.x ðpµÄ¢éêÍA
ypbind-3.3-glibc5.diff pb`ð ypbind 3.3 ÉÄéKvª èÜ·BZL
eBÉâèª éÌÅAÂ\Èç ypbind 3.3 ÍgíÈ¢Ù¤ªÇ¢Åµ
å¤B ypbind-mt ÍAVµJ³ê½}`XbhÌf[Å·B±ê
ÉÍ Linux 2.2 J[lÆ glibc 2.1 È~ªKvÅ·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
7. NIS NCAgÌÝè
7.1. ypbind f[
\tgEFAª¤ÜRpCÅ«½çCXg[µÜµå¤B ypbind
f[Í /usr/sbin fBNgÉüêéÆǢŵå¤B NYS ÌVXe
ÅÍ ypbind ÍKvȢƾ¤lª¢éæ¤Å·ªA±êÍÔáÁĢܷ
B ypwhich Æ ypcat ÍA©Èç¸ ypbind ðKvƵܷB
ypbind ÌCXg[Íà¿ëñX[p[[UÅs¤Kvª èÜ·B¼Ì
oCi (ypwhich, ypcat, yppoll, ypmatch) Í·×ÄÌ[U[©çANZ
XÂ\ÈfBNgÉu«Üµå¤BÊíÍ /usr/bin ªÇ¢Åµå¤B
ÅßÌ ypbind ÉÍÝèt@C /etc/yp.conf ª èÜ·B±±É NIS T[
oð¼É¢Ä¨±ÆàÅ«Ü·BÚµÍ ypbind(8) Ì}j
AðÇñ
ź³¢B±Ìt@CÍ NYS ÅàKvÅ·BȺÍáÅ·B
ypserver 10.10.0.1
ypserver 10.0.100.8
ypserver 10.3.1.1
NIS ȵÅàzXg¼ÌðªÅ«éVXeÅÍA IP AhXÅȼO
ðp¢é±ÆªÅ«Ü·B»¤ÅȯêÎ IP AhXðp¢Ü·B ypbind
3.3 ÉÍoOª èAÅãÌGg (ãLÌáÅÍ ypserver 10.3.1.1) µ
©p¢çê¸A¼ÍSij³êÜ·B ypbind-mt Åͳµµ¤±ÆªÅ«
AÅÉÔµ½T[oªp¢çêÜ·B
ypbind ðX^[gAbvt@CÉüêéOÉeXgµÄ¨±Æð¨©ßµ
Ü·B ypbind ÌeXgÍȺÌæ¤ÉµÄs¢Ü·B
E YP ÌhCl[ªÝè³êÄ¢é±ÆðmFµÄº³¢BÝè³êÄ
¢È¢êÍȺÌæ¤ÉµÜ·B
¡¢
/bin/domainname nis.domain
¤£
nis.domain ÍÊíKȶñÅA ȽÌ}VÌ DNS hCl[
ÆÍá¤àÌɷ׫ŷB±¤µÄ¨¯ÎAOÌNbJ[ªT[
o©ç NIS pX[hf[^x[XðñÅ¢Ìªí¸©Èªç¢ïÉ
ÈèÜ·B NIS hC¼ðmçÈ¢êÍVXeÇÒ©lbg[
NÇÒÉqËĺ³¢B
E /usr/sbin/rpc.portmap ªN®³êĢȯêÎN®µÜ·B
E /var/yp Æ¢¤fBNgªÈ¯êÎ쬵ܷB
E /usr/sbin/ypbind ðN®µÜ·B
E ypbind ªT[rXàeð|[g}bpÉo^Å«½©Ç¤©m©ßé½ß
ÉA rpcinfo -p localhost Æ¢¤R}hðÀsµÄº³¢BȺÌæ
¤Èoͪ»íêé͸ŷB
¡¢
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100007 2 udp 637 ypbind
100007 2 tcp 639 ypbind
¤£
é¢ÍgÁÄ¢éo[WÉæÁÄÍ
¡¢
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100007 2 udp 758 ypbind
100007 1 udp 758 ypbind
100007 2 tcp 761 ypbind
100007 1 tcp 761 ypbind
¤£
Ìæ¤ÉÈé©àµêܹñB
E rpcinfo -u localhost ypbind àÀsµÄÝĺ³¢BȺÌæ¤È\¦
ªoé͸ŷB
¡¢
program 100007 version 2 ready and waiting
¤£
é¢ÍCXg[µ½ ypbind Ìo[WÉæÁÄÍ
¡¢
program 100007 version 1 ready and waiting
program 100007 version 2 ready and waiting
¤£
Ìæ¤ÈoÍÉÈé©àµêܹñBdvÈÌÍ "version 2" ÌbZ[
W¾¯Å·B
±±ÜÅêÎ ypcat Ìæ¤È NIS NCAgvOðÀsÅ«éÍ
¸Å·Bá¦Î NIS ÌpX[hf[^x[XðQƵ½¢êÉÍA ypcat
passwd.byname ƵܷB
dv: àµãqÌ ypbind ÌeXgðȪµ½êAÈÆàhCl[
ªÝèµÄ é±ÆÆ /var/yp Æ¢¤¼OÌfBNgªìÁÄ é±Æ
ðmFµÄº³¢B /var/yp ªÈ¢Æ ypbind ͳíÉN®Å«Ü¹ñB
hCl[ÌÝ誳µ¢©Ç¤©ð`FbN·éÉÍA yp-tools 2.2
Ì /bin/ypdomainname ðgÁĺ³¢B±ÌvOÍ
yp_get_default_domain() Öðg¤ÌÅAæèµµ¢`FbNªÅ«Ü·B
á¦Î Linux ÅftHgÉÈÁÄ¢é (»µÄ½ÌâèÌ´öÉÈÁÄ¢
é) "(none)" Ìæ¤ÈhC¼ÍA±ÌvOÅͳêܹñB
eXgª¤Ü¢Á½çX^[gAbvt@CðÏXµÄAu[gÉ
ypbind ªN®³êéæ¤ÉµÄ¨ÆǢŵå¤B©®IÉ NIS NCA
gƵÄÌ®ªJn³êÜ·B ypbind ÌN®OÉAhCl[ªÝ
è³êéæ¤É·éÌàYêÈ¢±ÆB
ÈãÅÝèÍI¹µÜµ½Bu[gµÄAu[gbZ[WÅ ypbind ª³
íÉ®ìµÄ¢é©Ç¤©mFµÄº³¢B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
7.2. trad-NIS ðp¢½ NIS NCAgðZbgAbv·é
zXg̼OðÉ NIS ðp¢éÉÍA /etc/host.conf t@CÅðð
wè·ésÉ "nis" ðwè (ܽÍÇÁ) µÄº³¢BÚ×Ét¢ÄÍ
resolv+(8) Ì}j
AðÇñź³¢B
ȺÌsð NIS NCAgÌ /etc/passwd ÉÇÁµÄº³¢B
+::::::
+ â - Æ¢Á½¶ðg¦ÎA[U[ðÇÁ/íµ½èóÔðÏXµ½è
Å«Ü·Bá¦Î[U guest ðíµ½¢Èç /etc/passwd t@CÉ
-guest ðÇÁ·êÎ OK Å·B[U "linux" ÉáÁ½VF (á¦Î ksh)
ðgí¹½¢Å·ÁÄHåävA"+linux::::::/bin/ksh" ð /etc/passwd É
ÇÁ·é¾¯Å· (øpÍæÁĺ³¢)BÏXµ½È¢tB[hÍóÌ
ÜÜɵĨKvª èÜ·B[UÌRg[ÉÍlbgO[vð
p¢é±ÆàÅ«Ü·B
á¦ÎuOCANZXð miquiels, dth, ed ÆlbgO[v sysadmin
Ìo[¾¯ÉÀè½¢ªAAJEgf[^ͼÌ[USõªªKvv
Æ¢¤æ¤ÈêÍȺÌæ¤ÉÈèÜ·B
+miquels:::::::
+ed:::::::
+dth:::::::
+@sysadmins:::::::
-ftp
+:*::::::/etc/NoShell
Linux ÅÍpX[hÌtB[hàã«Å«é±ÆÉӵĺ³¢Bâ
èûÍ¡ÌáÆS¯¶Å·B±ÌáÅÍ "ftp" ÌOCàíµÄ¢Ü·
B]ÁıÌ[UͶݵÈÈèA anonymous ftp Í@\µÈÈèÜ·
B
/etc/netgroup t@CÍȺÌæ¤ÉÈÁÄ¢éÆv¢Ü·B
sysadmins (-,software,) (-,kukuk,)
dvFlbgO[vÌ@\Í libc 4.5.26 ©çÀ³êܵ½B 4.5.26 È
OÌ libc ðgÁÄ¢é Linux }VÅ ypbind ðÀs·éÆA NIS ÌpX
[hf[^x[XÉGgð·×ÄÌ[UÍ»Ì}VÉANZX
ūĵܢܷI
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
7.3. NYS ðp¢½ NIS NCAgðZbgAbv·é
KvÈÌÍ NIS ÌÝèt@C (/etc/yp.conf) ųµ¢T[o(Q)©çîñ
ðàç¦éæ¤ÉµÄ¨±ÆA»µÄl[T[rXXCb`ÌÝèt@C
(/etc/nsswitch.conf) ð³µÝè·é±ÆÅ·B
ypbind àCXg[µÄ¨«Üµå¤B libc ÉÍKv èܹñªA NIS
(YP) Ìec[ÉͱêªKvÉÈèÜ·B
[UÌÇÁEr@\ (+/-guest/+@admins) ðp¢½¢êÍA "passwd:
compat" Æ "group: compat" ð nsswitch.conf Åwè·éKvª èÜ·B
"shadow: compat" Æ¢¤wèÍ èܹñB±ÌêÍ "shadow: files nis"
Ìæ¤ÉµÄº³¢B
NYS Ì\[XÍ libc 5 Ì\[Xɯ«³êĢܷB configure ðÀsµA
"Values correct" Ìâ¢ÉεÄêxÚÍ "NO" Ʀĺ³¢B»µÄ
"Build a NYS libc from nys" É뵀 "YES" Ʀĺ³¢B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
7.4. glibc 2.x ðp¢½ NIS NCAgðZbgAbv·é
glibc Í trad-NIS ðpµÜ·B]ÁÄ ypbind ðN®·éKvª èÜ·
Bܽl[T[rXXCb`ÌÝèt@C (/etc/nsswitch.conf) à³µ
Ýè·éKvª èÜ·B passwd/, shadow, group É compat [hðg
¤êÍA±êçÌt@CÌÅãÉ "+" ðÇÁ·éKvª èÜ·B[U
ÌÇÁEí@\ðp¢é±ÆàÅ«Ü·BÝèÍ Solaris 2.x ÌàÌÆÜÁ
½¯¶Å·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
7.5. nsswitch.conf t@C
lbg[NT[rXXCb`Ìt@C /etc/nsswitch.conf ÍAîñÖÌ
ANZXvª½Æ«És¤õÌÔðè·éàÌÅ·BzXg¼Ì
õÅp¢çêé /etc/host.conf t@CÆĢܷBá¦Î±Ìt@C
ɨ¢Ä
hosts: files nis dns
Æwè·êÎAzXg¼Ìõ@\Íܸ[JÌ /etc/hosts t@Cð
TµAÉ NISA»µÄhCl[T[rX (/etc/resolv.conf Æ
named) Æ¢¤ÔÅõðs¢Ü·BÅãÜÅ}b`·éà̪ȯêÎAG
[ªÔ³êé±ÆÉÈèÜ·B±Ìt@CÍSÄÌ[U©çÇÝæèÂ
\ÅȯêÎÈèܹñIæèÚ×ÈîñÍ nsswitch.5 © nsswitch.conf.5
Ì}j
Ay[Wð©Ä¾³¢B
NIS pÌ /etc/nsswitch.conf t@CƵÄÍAȺÌæ¤Èà̪ǢÅ
µå¤B
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the /var/db databases
# [NOTFOUND=return] Stop searching if not found so far
#
passwd: compat
group: compat
# For libc5, you must use shadow: files nis
shadow: compat
passwd_compat: nis
group_compat: nis
shadow_compat: nis
hosts: nis files dns
services: nis [NOTFOUND=return] files
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
ethers: nis [NOTFOUND=return] files
netmasks: nis [NOTFOUND=return] files
netgroup: nis
bootparams: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
automount: files
aliases: nis [NOTFOUND=return] files
passwd_compat, group_compat, shadow_compat Í glibc 2.x ÅÌÝT|[g
³êĢܷB /etc/nsswitch.conf É shadow [ªÈ¯êÎA glibc Í
pX[hÌõÉ passwd [ðp¢Ü·B glibc pÌõW
[Æ
µÄA hesoid Ìæ¤ÈàÌà¶ÝµÄ¢Ü·B±êÉ¢ÄÍ glibc ̶
ðÇñž³¢B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
7.6. Shadow pX[hÆ NIS
NIS É shadow pX[hð¬Ê³¹éÌÍÇ¢l¦ÅÍ èܹñB shadow
VXeÌbgÅ éZL
eBª¸íêĵܤ©çÅ·B»êɱ
êªT|[g³êÄ¢é Linux C CuÍÉܹ߬ñB NIS ãÉ
shadow ð¬³È¢æ¤É·éÉÍA[JVXeÌ[U¾¯ð /etc/
shadow Éo^·é±ÆÅ·B NIS ɬ·[UGgð shadow f[^x
[X©çíµA»êçÌpX[hÍ passwd ɢĺ³¢B±¤·êÎ
root OCÉÍ shadow ðAêÊÌ NIS [UÉÍ passwd ðp¢é±Æ
ªÅ«éæ¤ÉÈèÜ·B±Ìû@ÈçA·×ÄÌ NIS NCAgŤÜ
®ìµÜ·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
7.6.1. Linux
NIS Å shadow pX[hðp¢é±ÆªÅ«éBêÌ Linux libc Í GNU C
Library 2.x Å·B Linux libc5 ͱêðT|[gµÄ¢Ü¹ñB Linux
libc5 ð NYS ÆêÉRpCµ½êÍA½ÌR[hªÜÜêé±ÆÉ
ÍÈèÜ·BÅà±ÌR[hÍóµÉæÁÄÍÐÇóêĵܢA shadow
GgªSijµ¢êÅà®ìµÈ¢±Æª èÜ·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
7.6.2. Solaris
Solaris Í NIS ãÅÌ shadow pX[hðT|[gµÄ¢Ü¹ñB
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
7.6.3. PAM
PAM Í NIS ãÅÌ shadow pX[hðT|[gµÜ¹ñBÁÉ pam_pwdb/
libpwdb ª¾ßÈñÅ·B±êÍ RedHat 5.x [UÉÆÁÄå«ÈâèÅ·
B glibc Æ PAM ðgÁÄ¢éêÍA /etc/pam.d/* ÌGgðÏX·é
Kvª èÜ·B pam_unix_* W
[É é pam_pwdb Ì[ðu«·
¦Äº³¢Bµ©µ pam_unix_auth.so W
[ÉÍoOª éÌÅA±ê
ÍK¸®ì·éÆÍÀèܹñB
/etc/pam.d/login Ìáð鼃 °Ü·B
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_unix.so
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_unix.so
session required /lib/security/pam_unix.so
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
8. NIS+ ÌÝè
8.1. \tgEFA
Linux Ì NIS+ NCAgR[hÍ GNU C CuÌo[W 2 pÉ
J³êīܵ½B±êð libc5 ÖÚAµ½àÌà èÜ·B¤pAvP
[VÌÙÆñÇÍ libc5 ÉN³êĢܷµA±êçAvP[V
ð glibc ü¯ÉÄRpC·é±ÆÍūܹñ©çB½¾µ libc5 Æ
NIS+ ð¯Ég¤ÛÉÍâèª èÜ·BX^eBbNÈvOÍ libc5
ÉN·é±ÆÍūܹñµA±ÌCuÅRpCµ½vO
ͼÌo[WÌ libc5 ÅÍ®ìµÜ¹ñB
GNU C Library 2.1 ðèÉüêARpC·éKvª èÜ·B 64bit v
bgtH[Èç GNU C Library 2.1.1 Å·Bx[XÌVXeƵÄA
glibc x[XÌzzpbP[WàKvÉÈèÜ·B Debian, RedHat, SuSE
Linux ÈÇÅ·B
ÇÌfBXgr
[VÅàA gcc/g++ RpCA libstdc++,
ncurses ðÄRpCµÈ¯êÎÈèܹñB Redhat ÅÍ PAM ÌÝèðå
ÉÏXµÈ¯êÎÈèܹñB SuSE Linux 6.0 ÅÍ shadow pbP[Wð
ÄRpCµÈ¯êÎÈèܹñB
NIS+ NCAgÌ\tgEFAÍȺ©çüèÅ«Ü·B
Site and Directory Filename
ftp.funet.fi:/pub/gnu/funet libc-*
glibc-crypt-*
glibc-linuxthreads-*
ftp.kernel.org:/pub/linux/utils/net/NIS+ nis-utils-1.3.tar.gz
http://www.suse.de/~kukuk/nisplus/ ÉÍAæèÚ×ÈîñÆÅVÌ\[Xª
èÜ·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
8.2. NIS+ NCAgÌZbgAbv
dvF NIS+ NCAgðZbgAbv·éOÉA Solaris Ì NIS+ hL
gðÇñÅT[o¤ÅKvÈìÆðsÁĺ³¢B±Ì¶ÅÍNCA
g¤ÅǤ·êÎ梩É¢ĵ©q×ĢܹñI
Vµ¢ libc Æ nis-tools ðCXg[µ½çA NIS+ T[oãűÌV½
ÈNCAgpÌMCØ (credential) ð쬵ܷB portmap ª®ìµÄ
¢é±ÆðmF·éæ¤ÉµÄº³¢BÉNCAgÉ·é Linux PC Ì
ª NIS+ T[oÆêvµÄ¢é©`FbNµÄº³¢B secure RPC Ìê
ÍAMCØÌLøúÔÍ 3 ªµ© èܹñB·×ÄÌzXgÅ xntpd ð
ç¹é̪Ǣŵå¤B±êçªmFÅ«½çȺðÀsµÜ·B
¡¢
domainname nisplus.domain.
nisinit -c -H
¤£
±êÉæÁÄ cold X^[gt@Cªú»³êÜ·B¼ÌIvVÉÂ
¢ÄÍ nisinit Ì}j
Ay[WðÇñź³¢BhCl[Íu[
g̽ÑÉÝè³êéæ¤ÉµÄ¨¢Äº³¢B ȽÌlbg[NÌ NIS+
hCl[ªí©çÈ¢êÍAVXe©lbg[NÌÇÒÉqË
ĺ³¢B
É /etc/nsswitch.conf t@CðÏXµÜ·B publickey ɯéT[r
XÍ nisplus ¾¯ ("publickey: nisplus") ÅA¼ÌàÌÍ¢ÄÍÈçÈ¢
±ÆÉӵĺ³¢B
É keyserv ðN®µÄº³¢B±êÍu[gÉAK¸ portmap ̼ãÉ
N®³êéæ¤ÉµÄ¨¢Äº³¢B±¤µÄ
¡¢
keylogin -r
¤£
Æ·êÎVXeÌ root Ì駮ªÛdzêÜ· (ऱÌVµ¢zXgÌ
öJ®Í NIS+ ÌT[oÉÇÁµÜµ½æËH)B
niscat passwd.org_dir Æ·êÎA passwd f[^x[XÌ·×ÄÌGg
ð©é±ÆªÅ«é͸ŷB
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
8.3. NIS+, keylogin, login ¨æÑ PAM
OCµ½Æ«ÉA[UÍ©ªÌ駮ð keyserv ÉZbg·éKvª
èÜ·B±êÉÍ keylogin ðp¢Ü·B glibc 2.1 ÆRpC³ê½ê
ÉÍA shadow pbP[WÌ login ͱêð[UÌãíèÉÀsµÄêÜ
·B PAM ðF¯·é login ðpÓ·éÉÍA pam_keylogin-1.2.tar.gz ðC
Xg[µA /etc/pam.d/login t@CðÏXµÄ pwdb ÌãíèÉ pam&
_unix_auth ðg¤æ¤É·éKvª èÜ· (pwdb Í NIS+ ðT|[gµÜ
¹ñ)Báð¦µÜ·B
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_unix2.so set_secrpc
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_unix2.so
password required /lib/security/pam_unix2.so
session required /lib/security/pam_unix2.so
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
8.4. nsswitch.conf t@C
lbg[NT[rXXCb`Ìt@C /etc/nsswitch.conf ÍAîñÖÌ
ANZXvª½Æ«És¤õÌÔðè·éàÌÅ·BzXg¼Ì
õÅp¢çêé /etc/host.conf t@CÆĢܷBá¦Î±Ìt@C
ɨ¢Ä
hosts: files nisplus dns
Æwè·êÎAzXg¼Ìõ@\Íܸ[JÌ /etc/hosts t@Cð
TµAÉ NIS+A»µÄhCl[T[rX (/etc/resolv.conf Æ
named) ƾ¤ÔÅõðs¢Ü·BÅãÜÅ}b`·éà̪ȯêÎG
[ªÔ³êé±ÆÉÈèÜ·B
NIS+ pÌ /etc/nsswitch.conf t@CÍAȺÌæ¤ÈàÌɵĨ¯ÎÇ
¢Åµå¤B
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the /var/db databases
# [NOTFOUND=return] Stop searching if not found so far
#
passwd: compat
group: compat
shadow: compat
passwd_compat: nisplus
group_compat: nisplus
shadow_compat: nisplus
hosts: nisplus files dns
services: nisplus [NOTFOUND=return] files
networks: nisplus [NOTFOUND=return] files
protocols: nisplus [NOTFOUND=return] files
rpc: nisplus [NOTFOUND=return] files
ethers: nisplus [NOTFOUND=return] files
netmasks: nisplus [NOTFOUND=return] files
netgroup: nisplus
bootparams: nisplus [NOTFOUND=return] files
publickey: nisplus
automount: files
aliases: nisplus [NOTFOUND=return] files
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
9. NIS T[oÌÝè
9.1. T[ovO ypserv
±Ì¶ÅÍA NIS T[oƵÄÍ "ypserv" ÌÝèû@ÌÝðLµÜ·B
NIS T[oÌ\tgÍ鼃 èÜ·B
Site and Directory Filename
ftp.kernel.org:/pub/linux/utils/net/NIS ypserv-1.3.11.tar.gz
http://www.suse.de/~kukuk/nis/ ÉAæèÚµ¢îñª èÜ·B
T[oÌZbgAbvû@Í trad-NIS / NYS Ç¿çÌêÅ௶ŷB
RpCµÄ ypserv Æ makedbm ðìèÜ·B securenets t@Cðg¤
© tcp_wrapper ðg¤©ðÝèÅ«Ü·B tcp_wrapper Ìûª¸ÁÆ_îÅ
·ªA±êªâèÌ´öÆÈéêà½mçêĢܷB tcp_wrapper ÍÝ
èt@CÌ«ûÉæÁÄÍ[[NðN±·±Æà èÜ·Bàµ
tcp_wrapper ðg¤æ¤É ypserv ðRpCµÄâèªN±Á½êÉÍ
A securenets t@Cðp¢éæ¤ÉRpCµÈ¨µÄ¾³¢B
ypserv --version Æ·êÎÇ¿çÌo[WðgÁĢ驪©èÜ·B
T[oð}X^[ƵÄN®·éêÍA NIS ðp¢Ä¤L³¹ét@Cð
ßľ³¢B»µÄ /var/yp/Makefile Ì "all" [ÉKvÈàÌðÁ
¦½èAsvÈàÌðíµ½èµÄ¾³¢Bܽ Makefile ÌæªÌûà
K¸©ÄAIvVð©ªÌÂ«É í¹ÄÒWµÄ¨×«Å·B
ypserv 1.1 Æ ypserv 1.2 ÆÌÔÅÍAå«ÈÏXªsíêܵ½B 1.2 È
~ÅÍAt@CnhªLbV
³êéæ¤ÉÈÁ½ÌÅ·B±êÉæ
èAVµ¢}bv𶬷éÆ«ÉÍK¸ makedbm É -c IvVð¯È
¯êÎÈçÈÈèܵ½B /var/yp/Makefile ª ypserv 1.2 È~Ét®Ì
àÌÅ é±ÆðmFµÄº³¢B é¢Í Makefile Ì makedbm ÉAèÅ
-c tOðÁ¦Äº³¢B±êðYêéÆAypserv ÍXV³ê½}bvÅÍ
ÈAâ}bvðg¢±¯ÄµÜ¢Ü·B
É /var/yp/securenets Æ /etc/ypserv.conf ðÒWµÜ·BÚ×Í ypserv
(8) Æ ypserv.conf(5) Ì}j
Ay[WðÇñź³¢B
|[g}bp (rpc.portmap) ª®¢Ä¢é©mFµÄº³¢BmFÅ«½ç
ypserv 𮩵ܷB
¡¢
% rpcinfo -u localhost ypserv
¤£
Æ¢¤R}hðÀsµÄÝÄA
¡¢
program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting
¤£
Æoͳêé±ÆðmFµÄº³¢B
"version 1" ÌsÍA ypserv Ìo[Wâp¢½ÝèÉæÁÄÍoÈ¢©
àµêܹñB±êªKvÉÈéÌÍÌÌ SunOS 4.x ðNCAgƵÄg
¤ê¾¯Å·B
±±Å NIS (YP) f[^ð쬵ܷB}X^[T[oÅȺðÀsµÄº³
¢B
¡¢
% /usr/lib/yp/ypinit -m
¤£
X[uT[oÅÍA ypwhich -m ª@\·é±ÆðmFµÄº³¢BÂÜè
X[uÉ·ézXgÍAܸ NIS NCAgƵĮìūȯêÎÈç
È¢ÌÅ·BmFÅ«½çȺðÀsµÄA±ÌzXgð NIS X[uɵÜ
·B
¡¢
% /usr/lib/yp/ypinit -s masterhost
¤£
±êŨµÜ¢AT[oÍ®ìµÄ¢é͸ŷB
½©å«Èâ誶¶½çA ypserv â ypbind ðÊÌ xterm ©çfobO
[hÅN®µÄÝܵå¤BfobOoͩ罪âèÈÌ©ª»fÅ«éÍ
¸Å·B
}bvðXV·éKvª¶¶½êÍA NIS }X^[Ì /var/yp fBNg
Å make ðÀsµÄ¾³¢B\[Xt@CªVµ¢êÉÍ}bvªX
V³êAX[uT[oÉ push ³êÜ·B}bvÌXVÉÍ ypinit Íp¢
È¢æ¤ÉµÄ¾³¢B
uX[uvT[oãÅÍ root Ì crontab ðÒWµAȺÌæ¤ÈsðÇÁ
µÄ¨ÆÇ¢©àµêܹñB
20 * * * * /usr/lib/yp/ypxfr_1perhour
40 6 * * * /usr/lib/yp/ypxfr_1perday
55 6,18 * * * /usr/lib/yp/ypxfr_2perday
ªê}X^T[oÅÌXVÌÛÉX[uª_EµÄ¢Äf[^ðó¯¹
ÈÁÄàC±êÉæÁÄ NIS }bvðÅVÉÛ±ƪūܷB
X[uÍ¢ÂÅàÇÁ·é±ÆªÅ«Ü·BܸVµCXg[µ½X
[uT[oª NIS }X^[ÉÚ±·éÂðÁÄ¢é©ðmFµÜµå¤
BÉ
¡¢
% /usr/lib/yp/ypinit -s masterhost
¤£
ðVµ¢X[uÅÀsµÜ·B}X^[T[oÅÍA±ÌVµ¢X[uT
[o̼Oð /var/yp/ypservers ÉÇÁµA /var/yp Å make ðÀsµÄ}
bvðXVµÜ·B
NIS T[oÖÌ[UANZXð§Àµ½¢êÍA NIS T[oÌzXgðN
CAgƵÄàÀs·éKvª èÜ·BÂÜè ypbind ðÀsµÄ "+"
Ìt¢½GgðpX[ht@C /etc/passwd ̼ÎÉÇÁµÜ·B
CuÖÍ NIS GgÈ~Éu©ê½ÊíÌGgðSijµAc
èð NIS ðʵÄ澵ܷB±Ìæ¤É·éÆ NIS ÌANZX[ðÇ
·é±ÆªÅ«Ü·Báð¦µÜ·B
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:
bin:*:2:2:bin:/bin:
sys:*:3:3:sys:/dev:
sync:*:4:100:sync:/bin:/bin/sync
games:*:5:100:games:/usr/games:
man:*:6:100:man:/var/catman:
lp:*:7:7:lp:/var/spool/lpd:
mail:*:8:8:mail:/var/spool/mail:
news:*:9:9:news:/var/spool/news:
uucp:*:10:50:uucp:/var/spool/uucp:
nobody:*:65534:65534:noone at all,,,,:/dev/null:
+miquels::::::
+:*:::::/etc/NoShell
[ All normal users AFTER this line! ]
tester:*:299:10:Just a test account:/tmp:
miquels:1234567890123:101:10:Miquel van Smoorenburg:/home/miquels:/bin/zsh
±Ìæ¤É[U "tester" ͶݵܷªAVFª /etc/NoShell ÉÈè
Ü·B miquels ÍÊíÌANZX ð±ÆÉÈèÜ·B
é¢Í /var/yp/Makefile t@CðÒWµA NIS ªg¤pX[ht@C
ðÊÉwè·é±ÆªÅ«Ü·Bå«ÈVXeÅÍANIS ÌpX[ht
@CÆO[vt@CÍÊí /var/yp/ypfiles Éu±Æª½¢æ¤Å·
B±Ìæ¤É·éÆpX[ht@CÖAÌÇc[Íg¦ÈÈèÜ·
BÂÜè passwd, chfn, adduser ÈÇÉεAÁÊÈc[ªKvÉÈèÜ·
B
µ©µ yppasswd, ypchsh, ypchfn ÍR®ìµÜ·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
9.2. T[ovO yps
NIS T[o yps ÌÝèÍOÌZNVðQlɵĺ³¢BåÌĢܷ
ª®Sɯ¶ÅÍÈ¢ÌÅA ypserv Ìà¾ðKp·éÛÉÍӵĺ³¢
B yps ÍàÍâNàT|[gµÄ¢Ü¹ñµA¢Â©ZL
eBz[à
¶ÝµÄ¢Ü·Bg¤×«ÅÍ èܹñI
yps Ì\tgÍȺÌTCgÉ èÜ·B
Site and Directory Filename
ftp.lysator.liu.se:/pub/ yps-0.21.tar.gz
NYS/servers ftp.kernel.org:/pub/linux/ yps-0.21.tar.gz
utils/net/NIS
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
9.3. rpc.ypxfrd vO
rpc.ypxfrd ÍñíÉå«È NIS }bvð NIS }X^[©ç NIS X[uT
[o[É]·éÛÉA]𬻷é½ßÉp¢çêÜ·B NIS X[u
T[o[ÍAVµ¢}bvª éÆ¢¤bZ[Wðó¯æéÆA»Ì}bv
ðæ¾·é½ßÉ ypxfr ðN®µÜ·B ypxfr Í yp_all() Öðp¢Ä}
bvÌàeð}X^[T[o[©çÇÝà¤ÆµÜ·B±ÌîñÍf[^[
x[XCuðʵÄÛ¶³êé½ßA}bvÌTCYªñíÉå«È
éÆA±ÌvZXͪ੩Áĵܤ±Æª èÜ·B
rpc.ypxfrd T[o[ÍA NIS X[uT[o[É}X^[Ì}bvt@C
ðPÉRs[³¹A]vZX𬻵ܷBX[uT[o[ª[
©ç©OÌ}bv𶬷éÌÉä×A±ê͸ÁÆZÔÅ·ÝÜ·B
rpc.ypxfrd Í RPC x[XÌ]vgRðp¢éÌÅAVµ¢}bvð¶
¬·éKvÍ èܹñB
rpc.ypxfrd Í inetd ©çN®·é±ÆàÅ«Ü·ªAN®ÉÍÔª©©é
ÌÅA ypserv ÆêÉf[ƵÄN®µÄ¨Ù¤ª¢¢Åµå¤B
rpc.ypxfrd Í NIS }X^[T[ož¯N®µÄ¨¯Î OK Å·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
9.4. rpc.yppasswdd vO
[UªpX[hðÏXµ½Æ«ÉÍA NIS ÌpX[hf[^x[XâA
»êÉ˶µ½¼Ì NIS f[^x[XàÏX³êȯêÎÈêܹñB±êð
sȤ̪ rpc.yppasswdd Å·B±ÌvOÍpX[hÏXðæèµ¢
A NIS Ìîñª³µXV³êéæ¤ÉµÜ·B»Ý rpc.yppasswdd Í
ypserv ÌêÆÈÁĢܷBÊpbP[WÉÈÁÄ¢é
yppasswd-0.9.tar.gz â yppasswd-0.10.tar.gz ÈÇÍâÌÅg¤KvÍ
èܹñµAܽ¡ãg¤×«ÅÍ èܹñB ypserv 1.3.2 Ì
rpc.yppasswdd Í shadow ð®SÉT|[gµÄ¢Ü·B yppasswd Í
yp-tools-2.2.tar.gz ÉüÁĢܷB
rpc.yppasswdd ðÀs·éÌÍ NIS }X^[T[oÌÝÅ·BftHgÅÍ
A[U[Ítl[âOCVFðÏX·é±ÆªÅ«È¢æ¤ÉÈ
ÁĢܷB±êð·éÉÍA»ê¼ê -e chfn ¨æÑ -e chsh IvV
ðwèµÜ·B
passwd Æ shadow t@Cª /etc ÈOÉ éêÍA -D IvVðwè
·éKvª èÜ·Bá¦ÎSÄÌ\[Xt@Cð /etc/yp Éu¢ÄA[
UÉVFÌÏXðÂ\ɵ½¢êÍA rpc.yppasswdd ðȺÌp[^
ÅÀsµÈ¯êÎÈèܹñ:
¡¢
# rpc.yppasswdd -D /etc/yp -e chsh
¤£
ܽÍ
¡¢
# rpc.yppasswdd -s /etc/yp/shadow -p /etc/yp/passwd -e chsh
¤£
Åà OK Å·B
¼ÉÍÁÉ·é±ÆÍ èܹñB½¾A rpc.yppasswdd ª /var/yp/
Makefile Ư¶t@CðgÁÄ¢é©Ç¤©ÍCð¯Ĩ¢Ä¾³¢B
G[Í syslog ðʵÄL^³êÜ·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
10. NIS/NYS CXg[Ì`FbN
·×Ī¤ÜsÁ½çAÈPÈR}hðgÁÄCXg[Ì`FbNð
sÁĺ³¢Bá¦ÎpX[ht@Cª NIS/NYS ŤL³êÄ¢éêÍ
A
¡¢
% ypcat passwd
¤£
Æ¢¤R}hÅ NIS ÌpX[ht@CÌàeª©çêé͸ŷBܽ
¡¢
% ypmatch userid passwd
¤£
Æ·êÎAwèµ½[UÌGgªpX[ht@C©çæèo³êÄ
\¦³êÜ· (userid ÉÍKÈ[UÌOC¼ðüêÜ·)BȨ
ypcat â ypmatch ÍA trad-NIS â NYS ÌzzpbP[WÉüÁĢܷB
[U[ÉæéOCªÅ«È¢êÉÍAȺÌvOðNCA
gÅÀsµÄÝĺ³¢B
#include
#include
#include
int
main(int argc, char *argv[])
{
struct passwd *pwd;
if(argc != 2)
{
fprintf(stderr,"Usage: getwpnam username\n");
exit(1);
}
pwd=getpwnam(argv[1]);
if(pwd != NULL)
{
printf("name.....: [%s]\n",pwd->pw_name);
printf("password.: [%s]\n",pwd->pw_passwd);
printf("user id..: [%d]\n", pwd->pw_uid);
printf("group id.: [%d]\n",pwd->pw_gid);
printf("gecos....: [%s]\n",pwd->pw_gecos);
printf("directory: [%s]\n",pwd->pw_dir);
printf("shell....: [%s]\n",pwd->pw_shell);
}
else
fprintf(stderr,"User \"%s\" not found!\n",argv[1]);
exit(0);
}
±ÌvOð[U¼ðp[^ƵÄÀsµÜ·ÆA»Ì[UÉÎ
µÄ getpwnam ÖªÔ·îñªSÄ\¦³êÜ·B±êÉæÁÄAÇÌG
gªÔáÁĢ驪í©éŵå¤Bæ éÔá¢ÆµÄÍApX[
hÌtB[hª "*" ÉæÁÄ㫳êÄ¢éAÈǪ èÜ·B
GNU C Library 2.1 (glibc 2.1) ÉÍ getent Æ¢¤c[ªÂ¢Ä«Ü·B
»Ìæ¤ÈVXeÅÍAãLÌãíèɱ¿çðg¢Üµå¤B
¡¢
% getent passwd
¤£
â
¡¢
% getent passwd login
¤£
Ìæ¤ÉµÄÝܵå¤B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
11. ÄN®Ì©®Às
NIS ªT[oâNCAgųµÝèÅ«½çA±ÌÝèªN®Éà³
µ½f³êé©ðmFµÈ¯êÎÈèܹñB
`FbN·é_Í 2  èÜ·BN®XNvgª é©Ç¤©ÆA NIS h
C¼ª³µ¢êÉÛ¶³êÄ¢é©Ç¤©AÅ·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
11.1. NIS pÌN®XNvg
ȽÌgÁÄ¢é Linux ÅÌN®XNvgÌuêÉÈÁÄ¢éfBN
gð²×ܵå¤B /etc/init.d, /etc/rc.d/init.d, /sbin/init.d ÈÇÉ
ÈÁÄ¢éÆv¢Ü·B NIS ÌN®XNvgª é©Ç¤©mFµÜµå¤
Bt@C̼OÍÓ¤ ypbind Æ© ypclient ÆÈÁÄ¢éæ¤Å·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
11.2. NIS hC¼
¨»ç éíÌlXÉÆÁÄA NIS ðg¤ãÅÌÅåÌïÖÍA NIS h
C¼ðÄN®ãÉàæ¾Å«éæ¤É·é±Æŵå¤B Solaris 2.x ÅÍ
ANIS hC¼Í
¡¢
/etc/defaultdomain
¤£
É 1 sÅ©êĢܵ½Bµ©µAÙÆñÇÌ Linux fBXgr
[V
ÅͱÌt@CÍgÁĢȢæ¤Å·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
11.3. fBXgr
[VÅLÌbè
»ÝÌƱëA¢ë¢ëÈ Linux fBXgr
[Vɨ¯é NIS h
C¼ÌÛÇêÍAȺÌæ¤ÉÈÁÄ¢éæ¤Å·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
11.3.1. Caldera 2.x
Caldera Í /etc/nis.conf t@Cðp¢Ä¢éæ¤Å·B®ÍÊíÌ /
etc/yp.conf Ư¶Å·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
11.3.2. Debian
Debian Í Sun Ư¶ /etc/defaultdomain ðgÁÄ¢éæ¤Å·B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
11.3.3. Red Hat 6.x, 7.x
/etc/sysconfig/network t@CÌ NISDOMAIN Ïð (ȯêÎ쬵Ä)
C³µÄ¾³¢B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
11.3.4. SuSE Linux
/etc/rc.config t@CÌ YP_DOMAINNAME ÏðC³µÄA SuSEconfig R
}hðÀsµÄ¾³¢B
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
12. NIS Å樱éâèÆ»Ìðû@
ȺÌæ¤Èâ誽Ì[U©çñ³êĢܷB
1. o[W 4.5.19 ÌCuÍóêĨè NIS Í®ìµÜ¹ñB
2. Cuð 4.5.19 ©ç 4.5.24 ÉAbvO[h·éÆ su R}h
ªg¦ÈÈèÜ·B±ÌêÍ su R}hð Slackware 1.2.0 ©çü
èµÜ·B¢ÅÉÅVÌCuà±üµÄµÜ¤ÆǢŵå¤B
3. NIS T[oðÄN®³¹½ÛAypbind ª
¡¢
yp_match: clnt_call:
RPC: Unable to receive; errno = Connection refused
¤£
Ìæ¤ÈbZ[Wð\¦µA NIS Ìf[^x[XÉo^³êÄ¢élª
OCÅ«ÈÈé±Æª èÜ·B root ÅOCµÄ ypbind ð
kill µAypbind ðN®µÈ¨µÄÝĺ³¢B ypbind 3.3 È~ÉAb
vf[gµÄàðÅ«éÆv¢Ü·B
4. libc ð 5.4.20 ÈãÌÅÉAbvO[h·éÆA YP tools ª®ìµÈ
ÈèÜ·B libc >= 5.4.21 ¨æÑ glibc 2.x ÉÍ yp-tools 1.2 ªK
vÅ·B»êÈOÌÅÌ libc ÉÍ yp-clients 2.2 ªKvÅ·B
yp-tools 2.x Èç·×ÄÌCuÅ®ìµÜ·B
5. libc 5.4.21-5.4.35 Ì yp_maplist ÍóêĢܷB yp-tools 1.x ðp
¢éÉÍ 5.4.36 È~ªKvÅ·B³à颮 ypwhich ÈÇÌ YP vO
Í segfault µÄµÜ¤Í¸Å·B
6. libc5 Æ trad-NIS Í shadow pX[hÌ NIS ÅÌzzðT|[gµÄ
¢Ü¹ñB libc5 + NYS Ü½Í glibc 2.x ðp¢éKvª èÜ·B
7. ypcat shadow doesn't show the shadow map. This is correct, the name
of the shadow map is shadow.byname, not shadow.
8. Solaris ÍK¸µàÁ |[gðp¢Ü¹ñB]ÁÄ Solaris ÌNCA
gª éêÍpX[h mangling ðp¢ÄÍ¢¯Ü¹ñB
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
13. æ é¿â (FAQ)
Ƚª^âÉvÁÄ¢½±Æͱ±ÜÅÉ媪ð³ê½±ÆÆv¢Ü
·ªAܾ^â_ªcÁĢܵ½çA
comp.os.linux.networking
ÈÇÉ¿â·éÆÇ¢Æv¢Ü·B
óFú{êÌj
[XO[vƵÄÍ
fj.os.linux
japan.comp.linux
ÈǪǢŵå¤B
óÒÌy[W (http://surf.ap.seikei.ac.jp/~nakano/linux/NIS-j.html) É
ÍAÂlIÈCXg[̱Lª¢Ä éÙ©A±Ì¶ÅÐî³êÄ¢
é\tgEFAüèæÌ~[̤¿AàÌàÌðÐîµÄ¢Ü·B
distrib
>
Mandriva
>
2010.0
>
i586
>
media
>
contrib-release
>
by-pkgid
>
e74e806c1a2640e922856d7eb69d1420
>
files
>
79
