The Linux NIS(YP)/NYS/NIS+ HOWTO Thorsten Kukuk ìY - (ú{êó) v1.1.1, 18 November 2000 ±Ì¶ÅÍ Linux ð NIS(YP) Ü½Í NIS+ ÌNCAgÉÝè·éû @A¨æÑ NIS T[oðCXg[·éû@É¢Äq×Ü·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª Table of Contents 1. ͶßÉ 1.1. ±Ì¶ÌÅVÅ 1.2. ÆÓ 1.3. tB[hobNÆ¡ãÌüÅ 1.4. Ó« 2. pêWÆêÊIÈîñ 2.1. pêW 2.2. êÊIÈîñ 3. NIS © NYS © NIS+ © 3.1. libc 4/5 ÅÍ trad-NIS ©A»êÆà NYS Cu©H 3.2. glibc 2 Æ NIS/NIS+ 3.3. NIS © NIS+ ©H 4. ®ì´ 4.1. NIS Ì®ì´ 4.2. NIS+ Ì®ì´ 5. RPC |[g}bp 6. NIS ÌÝè 6.1. }X^[T[oAX[uT[oANCAgðßé 6.2. \tgEFA 7. NIS NCAgÌÝè 7.1. ypbind f[ 7.2. trad-NIS ðp¢½ NIS NCAgðZbgAbv·é 7.3. NYS ðp¢½ NIS NCAgðZbgAbv·é 7.4. glibc 2.x ðp¢½ NIS NCAgðZbgAbv·é 7.5. nsswitch.conf t@C 7.6. Shadow pX[hÆ NIS 8. NIS+ ÌÝè 8.1. \tgEFA 8.2. NIS+ NCAgÌZbgAbv 8.3. NIS+, keylogin, login ¨æÑ PAM 8.4. nsswitch.conf t@C 9. NIS T[oÌÝè 9.1. T[ovO ypserv 9.2. T[ovO yps 9.3. rpc.ypxfrd vO 9.4. rpc.yppasswdd vO 10. NIS/NYS CXg[Ì`FbN 11. ÄN®Ì©®Às 11.1. NIS pÌN®XNvg 11.2. NIS hC¼ 11.3. fBXgr [VÅLÌbè 12. NIS Å樱éâèÆ»Ìðû@ 13. æ é¿â (FAQ) 1. ͶßÉ Linux }VÍÇñÇñlbg[NÉÚ±³êéæ¤ÉÈÁīܵ½BÜ ½lbg[NÇÌȪ»Ì½ßÉAÙÆñÇÌlbg[N (ÁÉ Sun ª x[XÉÈÁÄ¢élbg[N) ÅÍ NIS ª®¢Ä¢Ü·B Linux }V ÅÍA±êçÌ NIS T[rXð]·Æ±ëÈó¯½èAܽñµ½è·é ±ÆªÅ«Ü·Bܽ Linux }VÍA®SÉ@\·é NIS+ NCAgÆ µÄ®ì³¹é±ÆàÅ«Ü·B½¾µ±¿çÍܾx[^ÌiKÅ·B ±Ì¶Í Linux }VÉ NIS(YP) Æ NIS+ ðZbgAbv·éû@É¢ ÄLqµ½àÌÅ·B¢¸êðÌp·éɵÄà Section 5 ÍK¸Çñź³ ¢B NIS-HOWTO Í Thorsten Kukuk <kukuk@suse.de> ÉæÁÄÒWEdzêÄ¢ Ü·B ÈOÌ NIS-HOWTO ÍAȺÌlXÉæÁÄ·M³êܵ½BÞçɴӵܷ B Andrea Dell'Amico Mitchum DSouza Erwin Embsen Peter Eriksson óF v0.2 Ìú{êóͪÝǪ³ñÉæÁÄöJ³êܵ½B 0.6 ÖÌÇ ÆÈ~ÌÇÍìYªsÁĢܷB ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 1.1. ±Ì¶ÌÅVÅ ±Ì¶ÌÅVÅÍ¢ÂÅà WWW Å{·é±ÆªÅ«Ü·B URL Í http:/ /www.suse.de/~kukuk/nis-howto/HOWTO/NIS-HOWTO.html Å·B ±ÌhL gÌÅVÅÍA Linux ÖAÌ WWW TCgâ FTP TCgÉào ^³êÜ·Bà¿ëñ LDP Ìz[y[WÉà èÜ·B |ó¶ÖÌNÍ http://www.suse.de/~kukuk/nis-howto/ ÉWßçêÄ ¢Ü·B óFú{êÅ̶ÌÅVÅÍ JF Project Ìy[W <http:// www.linux.or.jp/JF/JFdocs/NIS-HOWTO/> Éu©êÜ·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 1.2. ÆÓ ±Ì¶ÍÍÌm¯ðÅåÀWßÄ¢½ÂàèÅ·ªA³mÅÈ¢ªà é©àµêܹñB±Ì¶ÅÐîµÄ¢évOÉ¢ÄÍA»ê¼ê Ét®µÄ¢é README t@CðK¸Çñź³¢B»êçÉÍæèÚµ¢ à¾âæè³mÈîñª©êÄ¢é͸ŷÌÅBà¿ëñ±ÌhL gàū龯Ôá¢ÌÈ¢àÌɵĢ«½¢Æl¦Ä¢Ü·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 1.3. tB[hobNÆ¡ãÌüÅ ±Ì¶ÉÖ·é¿ââRgª èܵ½çA¨CyÉ Thorsten Kukuk ÜÅ[𺳢BAhXÍ <kukuk@suse.de> Å·BñÄâá»à½}µ Ü·B±Ì¶Éëèð©Â¯½çAÉAµÄº³êÎÌÅÅù³µÜ ·Bæ뵨袵ܷB óF|óÉηéRgÍìY <nakano@apm.seikei.ac.jp> ÜÅ¨è ¢µÜ·B ȨA È½Ì Linux zzpbP[WÉÁLÌâèÉÖµÄÍÉ[ð çȢź³¢IÍ·×ÄÌzzpbP[WðmÁÄ¢éóÅÍ èܹñ B½¾Aàµð@àÁÄ¢½¾¯êÎA¶ÉÇÁµ½¢ÆÍvÁÄ¢Ü ·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 1.4. Ó« ±ÌhL gð쬷éÉ ½ÁÄA¼ÚI é¢ÍÔÚIɨ¢bÉÈ èܵ½ÈºÌûXɴӵܷBAt@xbgÉF Byron A Jeff Markus Rex Miquel van Smoorenburg Dan York yp-clients ÌIWiR[hÍ Theo de Raadt ÉæÁÄ쬳êܵ½B Swen Thuemmler ª yp-clients ÌR[hð Linux ÉÚAµA yp ÖAÌ[ ` (±êà Theo Ìd) ð libc ÉÚAµÜµ½B Thorsten Kukuk Í GNU libc 2.x ü¯Ì NIS(YP) Æ NIS+ Ì[`ðXNb`©ç«Üµ ½B óFú{êóÉ ½ÁÄÍAÚ×ÈZ³ðµÄº³Á½¼{¯i³ñEä Lõ³ñðͶßA JF [OXgÌF³ñɨ¢bÉÈèܵ½B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 2. pêWÆêÊIÈîñ 2.1. pêW ±ÌhL gÅͽÌȪêªgíêĢܷBȺÉdvÈàÌÌ à¾ðÈPɰĨ«Ü·B DBM f[^x[X}lWg (DataBase Management)BõL[Æf[^Æ ÌyAðÇ·éf[^x[X@\ðÁ½Cu̱ÆB DLL ®INCu (Dynamically Linked Library)BvOÌÀs ÉN³êéCu̱ÆB domainname NIS T[oªs·éL[[hB NIS NCAg¤ªgp·é NIS T[oðÁè·éÌÉp¢çêéB±Ì domainname Í DNS Ì "domain" Ư¶àÌÉ·éKvÍÈAÞµëÊɷ׫ŠéB FTP t@C]vgR (File Transfer Protocol)BRs [^ÔÅt @Cð]·éÉp¢çêévgRÌêÂB libnsl l[T[rXCu (Name services libraly)B SVR4 Unix ɨ¯ él[T[rXÖAÌ½ß (getpwnam, getservbyname ÈÇ) ÌCu B GNU libc ÅÍ NIS (YP) ¨æÑ NIS+ @\ɱÌCuðp ¢éB libsocket SVR4 Unix ÅA\PbgÖWÌVXeR[ (socket, bind, listen È Ç) ðñ·éCuB NIS lbg[NîñT[rX (Network Information Service)Blbg[ NãÌ·×ÄÌvZ@ÅKvÈîñð¤L·éT[rX̱ÆB Linux Ì W libc CuÉÍ NIS ÌT|[gªÜÜêĨèA±êð±Ì¶ ÅÍ "trad-NIS" ÆL·B (óF´¶ÅÍ "traditional NIS" ŵ½ªA·¢ÌÅóÒªèÉ¢ êµÜµ½) NIS+ Network Information Service (Plus)Bî{IÉÍ NIS ð@\Abvµ½ àÌB NIS+ Í Sun Microsystems Inc. ÉæÁÄÝv³êA NIS ðãp ·éàÌƳêÄ¢éBZL eBª»³êAå«ÈVXeɱü ·é̪eÕÉÈÁÄ¢éB NYS NYS ÍuNIS+, YP, Switchvð\·vWFNg¼Å éB Peter Eriksson <pen@signum.se> ªÇµÄ¢éB±ÌvWFNgÅÍ NIS(= YP) ÌR[hð 0 ©çÄÀµÄ¨èA NYS CuÌl[T[r XXCb`@\ðp·éæ¤ÉÈÁÄ¢éB NSS l[T[rXXCb` (Name Service Switch)B /etc/nsswitch.conf t@CÉæÁÄAeíÌîñÌNGXgÉεÄÇñÈÔÅõð s¤©ðè·éB RPC [gvVW[R[ (Remote Procedure Call)B C vOà Å RPC [`ðp·êÎAlbg[NãÉ é¼ÌvZ@ãÌè± « (Tu[`) ðÄѾ·±ÆªÅ«éBÊí̶¬É¨¢ÄÍ Sun Ì RPC ÀÌÓ¡Åp¢çêé±Æª½¢B YP CG[y[W (Yellow Pages (TM)) Yellow Pages Íp British Telecom ÐÌo^¤WB TCP-IP Transmission Control Protocol/Internet Protocol ̪B TCP/IP Í Unix ÅñíÉægíêÄ¢éf[^ÊMvgRÅ éB ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 2.2. êÊIÈîñ ȺÌàeÍ Sun(tm) System & Network Administration Manual ©çÌøp Å·B NIS Í©ÂÄTECG[y[W (Sun Yellow Pages, YP) ÆÄÎêÄ ¢Üµ½Bµ©µuYellow PagesvÍp British Telecom ÐÌo^¤W ÅA³gp·é±ÆªÅ«Ü¹ñÌÅANIS ÆÄÔ±Æɵܵ½ B NIS Í Network Information Service ̪ŷBlbg[NãÌ·×ÄÌv Z@ŤL·×«îñðñ·é½ßÉp¢çêÜ·B NIS Åñ³êéîñ ÆÍAá¦ÎȺÌæ¤ÈàÌÅ·B E OC¼ApX[hAz[fBNg (/etc/passwd) E O[vîñ (/etc/group) á¦ÎA ȽÌpX[hª NIS ÌpX[hf[^x[XÉo^³êÄ¢ éƵܵå¤B·éÆ È½ÍA»±Å NIS ÌNCAgvOª® ¢Ä¢êÎAlbg[NãÌÇÌvZ@ÉàOC·é±ÆªÅ«éæ¤ ÉÈéÌÅ·B Sun Í Sun Microsystems Ð̤WÅ èA SunSoft ÐÉCZX^³ê ĢܷB ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 3. NIS © NYS © NIS+ © 3.1. libc 4/5 ÅÍ trad-NIS ©A»êÆà NYS Cu©H trad-NIS ðp¢é© NYS CuÌ NIS R[hðp¢é©ÍAuá@\¾ ªÀèvðÆé©u_`¯vðÆé©ÌIðƾ¦Ü·B trad-NIS ÌR[hÍW C CuÉüÁÄ©ç¾¢ÔoÁĢܷB¶ ÜêªÃ¢ªAââ_î«É¯éÆ±ëª èÜ·B êû NYS CuÌ NIS R[hðp¢éÉÍA libc CuðÄR pCµÄ libnsl ÌR[hð libc ÌÉÜßéKvª èÜ· (»Ìæ¤ ÉRpC³ê½ libc CuðüèÅ«é©àµêܹñ)B ܽ trad-NIS ÌR[hÅÍ NIS ÌlbgO[v@\ªg¦Ü·ªA NYS ÌR[hÉÍÀ³êĢܹñBtÉ NYS ÌR[hÅÍ Shadow Password ð§ßIɵ¤±ÆªÅ«éæ¤ÉÈÁĢܷªA trad-NIS ÌR[hÍ NIS ãÅÌ Shadow pX[hðT|[gµÄ¢Ü¹ñB ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 3.2. glibc 2 Æ NIS/NIS+ GNU C Library 2.x (libc6) ðgÁÄ¢éêÍAÈãÌSÄÍYêĺ³¢ B libc6 ÅÍ NSS (l[XCb`T[rX) ð®SÉT|[gµÄ¨èAñ íÉ_îÈ^pªÅ«éæ¤ÉÈÁĢܷBÜ½ÈºÌ NIS^NIS+ }bvª T|[g³êĢܷ: aliases, ethers, group, hosts, netgroups, networks, protocols, publickey, passwd, rpc, services, shadow. GNU C Library ÅÍA shadow pX[hð NIS ÅÜÁ½âèȵ¤±ÆªÅ« Ü·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 3.3. NIS © NIS+ ©H Ç¿çðIÔ©YÞKvÍ èܹñBÁÉZL eBÉßqÉÈéKvª È©Á½èA NIS+ ðgíËÎÈçÈ¢RªÈ¢ÌÈçANIS ðg¢Üµå ¤B NIS+ ÌÇ͸ÁÆåÏÅ· (NCAg¤ÅÍ»êÙÇÅà èÜ ¹ñªAT[o[ÇÍnÅ·)B»êÉ Linux ãÅÌ NIS+ ÍܾJi KÈÌÅ·Bp·éÉÍÅVÅÌ glibc 2.1 ªKvª èÜ·B¿åÁÆ µÄݽ¢êÉÍAglibc Ì NIS+ T|[gð libc5 ÉÚAµ½àÌà¶Ý µÜ· (½¾µ±êÍ¢T|[g)B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 4. ®ì´ 4.1. NIS Ì®ì´ ÈÆà 1 äÌ NIS ÌT[o[ªlbg[NãÉKvÅ·B¡ÌT[ oðÒ®³¹é±ÆàÅ«Ü·B±ÌêÍ»ê¼êðÙÈÁ½ NIS uhC vÌT[oÆ·é©A é¢Í 2 äÌT[oðÐÆÂÌhCãŦ²µ Į쳹é±ÆÉÈèÜ·BãÒÌ\¬ÅÍ 1 äÌT[oªu}X^[T[ ovÆÈèA»Ì¼ÌT[oÍSÄuX[uT[ovÆÄÎêÜ· (1 ÂÌ uhCvÉηé\¬Å·)BhCð¡A»ê¼êÉηéT[oà ¡AÆ¢Á½æ¤È\¬àÂ\Å·B X[uT[oÍA}X^[T[oÌ NIS f[^x[XÌRs[Û¾¯ðµ Ü·B}X^[T[oÌ NIS f[^x[XªÏX³êéÆAê»êðó¯æ èÜ·Blbg[NÉÚ±³êÄ¢évZ@ÌäÆlbg[NÌM« ðl¶µAX[uT[oðCXg[·é©Ç¤© (CXg[·éê Í»Ìä) ðßĺ³¢B NIS NCAgÍANIS T[oªu¿Ä v¢½èAX|Xªx©Á½è·éêÉÍA¿Ä¢È¢T[oâàÁ ÆX|X̬¢T[oÆÌÚ±ðÝÜ·B NIS f[^x[XÍ ASCII `®Ìf[^x[X©çÏ·³ê½A¢íäé DBM tH[}bgÉÈÁĢܷBá¦Î /etc/passwd â /etc/group Æ¢Á½t @CÍA ASCII-DBM Ï·vO (makedbm: T[o\tgÉüÁÄ¢Ü ·) ðgÁÄ¼Ú DBMtH[}bgÉÏ·Å«Ü·B NIS Ì}X^[T[oÍ A ASCII `®Æ DBM `®Ìf[^x[XÆ̼ûðÁÄ¢ÈÄÍÈèÜ ¹ñB X[uT[oÍ NIS }bvªÏX³êéÆÊmðó¯Ü· (yppush vO ªp¢çêÜ·)B·éÆX[uT[oÍKvÈÏXðs¢Af[^x[ Xð¯ú³¹Ü·B NIS NCAgɱÌæ¤ÈìÆð·éKvÍ èܹ ñBNCAgÍíÉÅVÌ DBM f[^x[XÌàeð NIS T[oÉÇÝ És©çÅ·B ypbind Ìâo[WÅÍA®ìÌ NIS T[oðT·ÌÉu[hL Xgðp¢Ä¢Üµ½B±êÉÍZL eBãÌâèª èܵ½BÈºÈ çN©ª NIS T[oðCXg[µÄAu[hLXgÌâ¢í¹É ¦éæ¤ÉÅ«é©çÅ·BVµ¢o[WÌ ypbind (ypbind-3.3 Ü½Í ypbind-mt) ÅÍAT[oðÝèt@C©çæ¾Å«Ü· - µ½ªÁÄu [hLXgÍsvÅ·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 4.2. NIS+ Ì®ì´ NIS+ Í Sun ÉæéVµ¢lbg[NCtH[VT[rXÅ·B NIS Æ NIS+ ÌÅàå«Èá¢ÍANIS+ ÅÍf[^ÌÃ»Æ secure RPC ð ʵ½FØƪÂ\ÉÈÁÄ¢é_Å·B NIS+ ̽¼fÍc[\¢ÉîâĢܷBc[Ì»ê¼êÌm[h ª NIS+ ÌIuWFNgÉεĨèA±êÉÍZÂÌ^Cvª èÜ·B fBNg (directory), Gg (entry), O[v (group), N (link), e[u (table), vCx[g (private) Å·B NIS+ ̼OóÔÅ[gÆÈé NIS+ fBNgÍ root fBNgÆÄ ÎêÜ·B NIS+ ÉÍñÂÌÁÊÈfBNgª¶ÝµÜ·B org_dir Æ groups_dir Å·B org_dir fBNgÉÍ·×ÄÌÇe[uªÜÜê Ü·Bá¦Î passwd, hosts, mail_aliases ÈÇÅ·B groups_dir fBN gÉÍANZXRg[Ép¢çêé NIS+ O[vIuWFNgªÜ ÜêÜ·B org_dir Æ groups_dir ¨æÑ»êçÌefBNgðWß½à ̪ NIS+ hCƵÄQƳêÜ·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 5. RPC |[g}bp ±ê©çྵĢ\tgEFA𮩷½ßÉÍAܸ /usr/sbin/ rpc.portmap ð®ì³¹Ä¨Kvª èÜ·B Linux ÌzzpbP[WÌ ÉÍA±Ìf[ð§¿ã°é½ßÌR}hª /sbin/init.d/ â /etc/ rc.d/ É«ñÅ éàÌà èÜ·ÌÅA»ÌêÍYªðAR gµÄu[g·é¾¯Å·BÀÛÌâèûÍfBXgr [VÌh L gðÇÝܵå¤B RPC |[g}bp (portmap(8)) ÍA RPC vOÔð TCP/IP |[gÔ ÉÏ··éT[ovOÅ·B NIS NCAgvOªâÁÄ¢ éæ¤ÉA RPC T[o (NIS T[oÈÇ) É RPC ÄѾµðs¤ÉÍA RPC |[g}bpª®¢Ä¢éKvª èÜ·B RPC T[ovOÍAÄ· é TCP/IP |[gÔÆf[^ðñ·é RPC vOÔðAN®É| [g}bpÉ`¦Ü·BNCAgvOªA é RPC vOÔ ÉR[ðs¤ÛÉÍAܸT[o}VãÌ RPC |[g}bpÆðMµÄA ÇÌ TCP/IP |[gÔÉ RPC ÌpPbgðêÎǢ̩ðèµÜ·B RPC T[ovOÍ inetd(8) ©çàN®Å«Ü·ªA»ÌêÍ inetd æèOÉ RPC |[g}bpðN®·éæ¤ÉµÄº³¢B secure RPC ðp¢éêÉÍA|[g}bpÍ time T[rXðKvƵܷ B·×ÄÌzXgÌ /etc/inetd.conf ÅAȺÌæ¤É time T[rXªp Â\ÉÈÁÄ¢é±ÆðmFµÄº³¢B # # Time service is used for clock syncronization. # time stream tcp nowait root internal time dgram udp wait root internal dvFÝèt@CÏXµ½ Æ inetd ðÄN®·éÌðYêÈ¢±Æ! ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 6. NIS ÌÝè 6.1. }X^[T[oAX[uT[oANCAgðßé ܸȺÌñÂÌêðl¦éKvª èÜ·B 1. Ú±·élbg[NãÉ NIS T[oª éêB 2. Ú±·élbg[NãÉ NIS T[oªÈ¢êB ÅÌP[XÅÍ ypbind, ypwhich, ypcat, yppoll, ypmatch Æ¢Á½NC AgvOðN®·é¾¯Åg¦éæ¤ÉÈèÜ·BêÔdvÈÌÍ ypbind ÅA±ÌvOÍíÉÀs³êÄ¢éKvª èÜ· (ÂÜè ps R}hðÀsµ½Æ«ÉvZXe[uÉ\¦³êȯêÎÈèܹñ)B ypbind Í¢íäéf[vZXÅAVXeÌX^[gAbvt@C© çN®·éKvª èÜ· (ÂÜè /etc/init.d/nis, /sbin/init.d/ ypclient, /etc/rc.d/init.d/ypbind, /etc/rc.local ÈÇ)B ypbind ªN® ³êêÎA»ÌvZ@Í»Ì_©ç NIS NCAgÆÈèÜ·B ñÔÚÌP[XAÂÜè NIS T[oªÈ¢êÉÍA NIS T[ovO (ÊíÍ ypserv) àKvÆÈèÜ·B±Ì¶Ì Section 9 ÅÍA±Ì ypserv f[ðp¢Ä Linux }Vð NIS T[oÉÝè·éû@ÉÂ¢Ä à¾µÄ¢Ü·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 6.2. \tgEFA o[W 4.4.2 È~ÌVXeCu /usr/lib/libc.a àµÍ¤L Cu /lib/libc.so.x ÉÍA NIS ÌNCAgET[ovOÌ RpCÉKvÈVXeR[ª·×ÄÜÜêĢܷB GNU C Library 2 (glibc 2.x) ÅÍ /lib/libnsl.so.1 àKvÅ·B NIS Í /usr/lib/libc.a Ìo[W 4.5.21 Èãŵ©®©È¢Æ¢¤ñ ª èÜ·ÌÅAÀS̽ßÉÍâàÌÍgíÈ¢ûªÇ¢Åµå¤B NIS ÌNCAgvOÍȺÅüèÅ«Ü·B Site and Directory Filename ftp.kernel.org:/pub/linux/utils/net/NIS yp-tools-2.4.tar.gz ypbind-mt-1.7.tar.gz ypbind-3.3.tar.gz ypbind-3.3-glibc5.diff.gz \tgðèÉüê½çA¯«³êÄ¢éà¾Éµ½ªÁĺ³¢B yp-clients 2.2 Í libc4 Ü½Í 5.4.20 ÜÅÌ libc5 ƤÉp¢Äº³¢B libc 5.4.21 È~Æ glibc 2.x ÉÍ yp-tools 1.4.1 È~ªKvÅ·BVµ¢ yp-tools Ìo[W 2.4 ÍA·×ÄÌ Linux libc Å®ìµÜ·B 5.4.21 ©ç 5.4.35 ÜÅÌ libc ÍA NIS ÌR[hÉoOª éÌÅgíÈ¢ûªÇ ¢Åµå¤B libc 5.4.36 È~ðgíÈ¢ÆAÙÆñÇÌ YP vOÍ® ìµÈ¢Åµå¤B ypbind 3.3 à·×ÄÌCuÅ®ìµÜ·B gcc 2.8.x È~© egcsA glibc 2.x ðpµÄ¢éêÍA ypbind-3.3-glibc5.diff pb`ð ypbind 3.3 ÉÄéKvª èÜ·BZL eBÉâèª éÌÅAÂ\Èç ypbind 3.3 ÍgíÈ¢Ù¤ªÇ¢Åµ å¤B ypbind-mt ÍAVµJ³ê½}`XbhÌf[Å·B±ê ÉÍ Linux 2.2 J[lÆ glibc 2.1 È~ªKvÅ·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 7. NIS NCAgÌÝè 7.1. ypbind f[ \tgEFAª¤ÜRpCÅ«½çCXg[µÜµå¤B ypbind f[Í /usr/sbin fBNgÉüêéÆǢŵå¤B NYS ÌVXe ÅÍ ypbind ÍKvȢƾ¤lª¢éæ¤Å·ªA±êÍÔáÁĢܷ B ypwhich Æ ypcat ÍA©Èç¸ ypbind ðKvƵܷB ypbind ÌCXg[Íà¿ëñX[p[[UÅs¤Kvª èÜ·B¼Ì oCi (ypwhich, ypcat, yppoll, ypmatch) Í·×ÄÌ[U[©çANZ XÂ\ÈfBNgÉu«Üµå¤BÊíÍ /usr/bin ªÇ¢Åµå¤B ÅßÌ ypbind ÉÍÝèt@C /etc/yp.conf ª èÜ·B±±É NIS T[ oð¼É¢Ä¨±ÆàÅ«Ü·BÚµÍ ypbind(8) Ì}j AðÇñ ź³¢B±Ìt@CÍ NYS ÅàKvÅ·BȺÍáÅ·B ypserver 10.10.0.1 ypserver 10.0.100.8 ypserver 10.3.1.1 NIS ȵÅàzXg¼ÌðªÅ«éVXeÅÍA IP AhXÅȼO ðp¢é±ÆªÅ«Ü·B»¤ÅȯêÎ IP AhXðp¢Ü·B ypbind 3.3 ÉÍoOª èAÅãÌGg (ãLÌáÅÍ ypserver 10.3.1.1) µ ©p¢çê¸A¼ÍSij³êÜ·B ypbind-mt Åͳµµ¤±ÆªÅ« AÅÉÔµ½T[oªp¢çêÜ·B ypbind ðX^[gAbvt@CÉüêéOÉeXgµÄ¨±Æð¨©ßµ Ü·B ypbind ÌeXgÍȺÌæ¤ÉµÄs¢Ü·B E YP ÌhCl[ªÝè³êÄ¢é±ÆðmFµÄº³¢BÝè³êÄ ¢È¢êÍȺÌæ¤ÉµÜ·B ¡¢ /bin/domainname nis.domain ¤£ nis.domain ÍÊíKȶñÅA ȽÌ}VÌ DNS hCl[ ÆÍá¤àÌɷ׫ŷB±¤µÄ¨¯ÎAOÌNbJ[ªT[ o©ç NIS pX[hf[^x[XðñÅ¢Ìªí¸©Èªç¢ïÉ ÈèÜ·B NIS hC¼ðmçÈ¢êÍVXeÇÒ©lbg[ NÇÒÉqËĺ³¢B E /usr/sbin/rpc.portmap ªN®³êĢȯêÎN®µÜ·B E /var/yp Æ¢¤fBNgªÈ¯êÎ쬵ܷB E /usr/sbin/ypbind ðN®µÜ·B E ypbind ªT[rXàeð|[g}bpÉo^Å«½©Ç¤©m©ßé½ß ÉA rpcinfo -p localhost Æ¢¤R}hðÀsµÄº³¢BȺÌæ ¤Èoͪ»íêé͸ŷB ¡¢ program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100007 2 udp 637 ypbind 100007 2 tcp 639 ypbind ¤£ é¢ÍgÁÄ¢éo[WÉæÁÄÍ ¡¢ program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100007 2 udp 758 ypbind 100007 1 udp 758 ypbind 100007 2 tcp 761 ypbind 100007 1 tcp 761 ypbind ¤£ Ìæ¤ÉÈé©àµêܹñB E rpcinfo -u localhost ypbind àÀsµÄÝĺ³¢BȺÌæ¤È\¦ ªoé͸ŷB ¡¢ program 100007 version 2 ready and waiting ¤£ é¢ÍCXg[µ½ ypbind Ìo[WÉæÁÄÍ ¡¢ program 100007 version 1 ready and waiting program 100007 version 2 ready and waiting ¤£ Ìæ¤ÈoÍÉÈé©àµêܹñBdvÈÌÍ "version 2" ÌbZ[ W¾¯Å·B ±±ÜÅêÎ ypcat Ìæ¤È NIS NCAgvOðÀsÅ«éÍ ¸Å·Bá¦Î NIS ÌpX[hf[^x[XðQƵ½¢êÉÍA ypcat passwd.byname ƵܷB dv: àµãqÌ ypbind ÌeXgðȪµ½êAÈÆàhCl[ ªÝèµÄ é±ÆÆ /var/yp Æ¢¤¼OÌfBNgªìÁÄ é±Æ ðmFµÄº³¢B /var/yp ªÈ¢Æ ypbind ͳíÉN®Å«Ü¹ñB hCl[ÌÝ誳µ¢©Ç¤©ð`FbN·éÉÍA yp-tools 2.2 Ì /bin/ypdomainname ðgÁĺ³¢B±ÌvOÍ yp_get_default_domain() Öðg¤ÌÅAæèµµ¢`FbNªÅ«Ü·B á¦Î Linux ÅftHgÉÈÁÄ¢é (»µÄ½ÌâèÌ´öÉÈÁÄ¢ é) "(none)" Ìæ¤ÈhC¼ÍA±ÌvOÅͳêܹñB eXgª¤Ü¢Á½çX^[gAbvt@CðÏXµÄAu[gÉ ypbind ªN®³êéæ¤ÉµÄ¨ÆǢŵå¤B©®IÉ NIS NCA gƵÄÌ®ªJn³êÜ·B ypbind ÌN®OÉAhCl[ªÝ è³êéæ¤É·éÌàYêÈ¢±ÆB ÈãÅÝèÍI¹µÜµ½Bu[gµÄAu[gbZ[WÅ ypbind ª³ íÉ®ìµÄ¢é©Ç¤©mFµÄº³¢B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 7.2. trad-NIS ðp¢½ NIS NCAgðZbgAbv·é zXg̼OðÉ NIS ðp¢éÉÍA /etc/host.conf t@CÅðð wè·ésÉ "nis" ðwè (ܽÍÇÁ) µÄº³¢BÚ×Ét¢ÄÍ resolv+(8) Ì}j AðÇñź³¢B ȺÌsð NIS NCAgÌ /etc/passwd ÉÇÁµÄº³¢B +:::::: + â - Æ¢Á½¶ðg¦ÎA[U[ðÇÁ/íµ½èóÔðÏXµ½è Å«Ü·Bá¦Î[U guest ðíµ½¢Èç /etc/passwd t@CÉ -guest ðÇÁ·êÎ OK Å·B[U "linux" ÉáÁ½VF (á¦Î ksh) ðgí¹½¢Å·ÁÄHåävA"+linux::::::/bin/ksh" ð /etc/passwd É ÇÁ·é¾¯Å· (øpÍæÁĺ³¢)BÏXµ½È¢tB[hÍóÌ ÜÜɵĨKvª èÜ·B[UÌRg[ÉÍlbgO[vð p¢é±ÆàÅ«Ü·B á¦ÎuOCANZXð miquiels, dth, ed ÆlbgO[v sysadmin Ìo[¾¯ÉÀè½¢ªAAJEgf[^ͼÌ[USõªªKvv Æ¢¤æ¤ÈêÍȺÌæ¤ÉÈèÜ·B +miquels::::::: +ed::::::: +dth::::::: +@sysadmins::::::: -ftp +:*::::::/etc/NoShell Linux ÅÍpX[hÌtB[hàã«Å«é±ÆÉӵĺ³¢Bâ èûÍ¡ÌáÆS¯¶Å·B±ÌáÅÍ "ftp" ÌOCàíµÄ¢Ü· B]ÁıÌ[UͶݵÈÈèA anonymous ftp Í@\µÈÈèÜ· B /etc/netgroup t@CÍȺÌæ¤ÉÈÁÄ¢éÆv¢Ü·B sysadmins (-,software,) (-,kukuk,) dvFlbgO[vÌ@\Í libc 4.5.26 ©çÀ³êܵ½B 4.5.26 È OÌ libc ðgÁÄ¢é Linux }VÅ ypbind ðÀs·éÆA NIS ÌpX [hf[^x[XÉGgð·×ÄÌ[UÍ»Ì}VÉANZX ūĵܢܷI ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 7.3. NYS ðp¢½ NIS NCAgðZbgAbv·é KvÈÌÍ NIS ÌÝèt@C (/etc/yp.conf) ųµ¢T[o(Q)©çîñ ðàç¦éæ¤ÉµÄ¨±ÆA»µÄl[T[rXXCb`ÌÝèt@C (/etc/nsswitch.conf) ð³µÝè·é±ÆÅ·B ypbind àCXg[µÄ¨«Üµå¤B libc ÉÍKv èܹñªA NIS (YP) Ìec[ÉͱêªKvÉÈèÜ·B [UÌÇÁEr@\ (+/-guest/+@admins) ðp¢½¢êÍA "passwd: compat" Æ "group: compat" ð nsswitch.conf Åwè·éKvª èÜ·B "shadow: compat" Æ¢¤wèÍ èܹñB±ÌêÍ "shadow: files nis" Ìæ¤ÉµÄº³¢B NYS Ì\[XÍ libc 5 Ì\[Xɯ«³êĢܷB configure ðÀsµA "Values correct" Ìâ¢ÉεÄêxÚÍ "NO" Ʀĺ³¢B»µÄ "Build a NYS libc from nys" É뵀 "YES" Ʀĺ³¢B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 7.4. glibc 2.x ðp¢½ NIS NCAgðZbgAbv·é glibc Í trad-NIS ðpµÜ·B]ÁÄ ypbind ðN®·éKvª èÜ· Bܽl[T[rXXCb`ÌÝèt@C (/etc/nsswitch.conf) à³µ Ýè·éKvª èÜ·B passwd/, shadow, group É compat [hðg ¤êÍA±êçÌt@CÌÅãÉ "+" ðÇÁ·éKvª èÜ·B[U ÌÇÁEí@\ðp¢é±ÆàÅ«Ü·BÝèÍ Solaris 2.x ÌàÌÆÜÁ ½¯¶Å·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 7.5. nsswitch.conf t@C lbg[NT[rXXCb`Ìt@C /etc/nsswitch.conf ÍAîñÖÌ ANZXvª½Æ«És¤õÌÔðè·éàÌÅ·BzXg¼Ì õÅp¢çêé /etc/host.conf t@CÆĢܷBá¦Î±Ìt@C ɨ¢Ä hosts: files nis dns Æwè·êÎAzXg¼Ìõ@\Íܸ[JÌ /etc/hosts t@Cð TµAÉ NISA»µÄhCl[T[rX (/etc/resolv.conf Æ named) Æ¢¤ÔÅõðs¢Ü·BÅãÜÅ}b`·éà̪ȯêÎAG [ªÔ³êé±ÆÉÈèÜ·B±Ìt@CÍSÄÌ[U©çÇÝæè \ÅȯêÎÈèܹñIæèÚ×ÈîñÍ nsswitch.5 © nsswitch.conf.5 Ì}j Ay[Wð©Ä¾³¢B NIS pÌ /etc/nsswitch.conf t@CƵÄÍAȺÌæ¤Èà̪ǢŠµå¤B # # /etc/nsswitch.conf # # An example Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # # The entry '[NOTFOUND=return]' means that the search for an # entry should stop if the search in the previous entry turned # up nothing. Note that if the search failed due to some other reason # (like no NIS server responding) then the search continues with the # next entry. # # Legal entries are: # # nisplus Use NIS+ (NIS version 3) # nis Use NIS (NIS version 2), also called YP # dns Use DNS (Domain Name Service) # files Use the local files # db Use the /var/db databases # [NOTFOUND=return] Stop searching if not found so far # passwd: compat group: compat # For libc5, you must use shadow: files nis shadow: compat passwd_compat: nis group_compat: nis shadow_compat: nis hosts: nis files dns services: nis [NOTFOUND=return] files networks: nis [NOTFOUND=return] files protocols: nis [NOTFOUND=return] files rpc: nis [NOTFOUND=return] files ethers: nis [NOTFOUND=return] files netmasks: nis [NOTFOUND=return] files netgroup: nis bootparams: nis [NOTFOUND=return] files publickey: nis [NOTFOUND=return] files automount: files aliases: nis [NOTFOUND=return] files passwd_compat, group_compat, shadow_compat Í glibc 2.x ÅÌÝT|[g ³êĢܷB /etc/nsswitch.conf É shadow [ªÈ¯êÎA glibc Í pX[hÌõÉ passwd [ðp¢Ü·B glibc pÌõW [Æ µÄA hesoid Ìæ¤ÈàÌà¶ÝµÄ¢Ü·B±êÉ¢ÄÍ glibc ̶ ðÇñž³¢B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 7.6. Shadow pX[hÆ NIS NIS É shadow pX[hð¬Ê³¹éÌÍÇ¢l¦ÅÍ èܹñB shadow VXeÌbgÅ éZL eBª¸íêĵܤ©çÅ·B»êɱ êªT|[g³êÄ¢é Linux C CuÍÉܹ߬ñB NIS ãÉ shadow ð¬³È¢æ¤É·éÉÍA[JVXeÌ[U¾¯ð /etc/ shadow Éo^·é±ÆÅ·B NIS ɬ·[UGgð shadow f[^x [X©çíµA»êçÌpX[hÍ passwd ɢĺ³¢B±¤·êÎ root OCÉÍ shadow ðAêÊÌ NIS [UÉÍ passwd ðp¢é±Æ ªÅ«éæ¤ÉÈèÜ·B±Ìû@ÈçA·×ÄÌ NIS NCAgÅ¤Ü ®ìµÜ·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 7.6.1. Linux NIS Å shadow pX[hðp¢é±ÆªÅ«éBêÌ Linux libc Í GNU C Library 2.x Å·B Linux libc5 ͱêðT|[gµÄ¢Ü¹ñB Linux libc5 ð NYS ÆêÉRpCµ½êÍA½ÌR[hªÜÜêé±ÆÉ ÍÈèÜ·BÅà±ÌR[hÍóµÉæÁÄÍÐÇóêĵܢA shadow GgªSijµ¢êÅà®ìµÈ¢±Æª èÜ·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 7.6.2. Solaris Solaris Í NIS ãÅÌ shadow pX[hðT|[gµÄ¢Ü¹ñB ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 7.6.3. PAM PAM Í NIS ãÅÌ shadow pX[hðT|[gµÜ¹ñBÁÉ pam_pwdb/ libpwdb ª¾ßÈñÅ·B±êÍ RedHat 5.x [UÉÆÁÄå«ÈâèÅ· B glibc Æ PAM ðgÁÄ¢éêÍA /etc/pam.d/* ÌGgðÏX·é Kvª èÜ·B pam_unix_* W [É é pam_pwdb Ì[ðu«· ¦Äº³¢Bµ©µ pam_unix_auth.so W [ÉÍoOª éÌÅA±ê ÍK¸®ì·éÆÍÀèܹñB /etc/pam.d/login Ìáð鼃 °Ü·B #%PAM-1.0 auth required /lib/security/pam_securetty.so auth required /lib/security/pam_unix.so auth required /lib/security/pam_nologin.so account required /lib/security/pam_unix.so password required /lib/security/pam_unix.so session required /lib/security/pam_unix.so ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 8. NIS+ ÌÝè 8.1. \tgEFA Linux Ì NIS+ NCAgR[hÍ GNU C CuÌo[W 2 pÉ J³êīܵ½B±êð libc5 ÖÚAµ½àÌà èÜ·B¤pAvP [VÌÙÆñÇÍ libc5 ÉN³êĢܷµA±êçAvP[V ð glibc ü¯ÉÄRpC·é±ÆÍūܹñ©çB½¾µ libc5 Æ NIS+ ð¯Ég¤ÛÉÍâèª èÜ·BX^eBbNÈvOÍ libc5 ÉN·é±ÆÍūܹñµA±ÌCuÅRpCµ½vO ͼÌo[WÌ libc5 ÅÍ®ìµÜ¹ñB GNU C Library 2.1 ðèÉüêARpC·éKvª èÜ·B 64bit v bgtH[Èç GNU C Library 2.1.1 Å·Bx[XÌVXeƵÄA glibc x[XÌzzpbP[WàKvÉÈèÜ·B Debian, RedHat, SuSE Linux ÈÇÅ·B ÇÌfBXgr [VÅàA gcc/g++ RpCA libstdc++, ncurses ðÄRpCµÈ¯êÎÈèܹñB Redhat ÅÍ PAM ÌÝèðå ÉÏXµÈ¯êÎÈèܹñB SuSE Linux 6.0 ÅÍ shadow pbP[Wð ÄRpCµÈ¯êÎÈèܹñB NIS+ NCAgÌ\tgEFAÍȺ©çüèÅ«Ü·B Site and Directory Filename ftp.funet.fi:/pub/gnu/funet libc-* glibc-crypt-* glibc-linuxthreads-* ftp.kernel.org:/pub/linux/utils/net/NIS+ nis-utils-1.3.tar.gz http://www.suse.de/~kukuk/nisplus/ ÉÍAæèÚ×ÈîñÆÅVÌ\[Xª èÜ·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 8.2. NIS+ NCAgÌZbgAbv dvF NIS+ NCAgðZbgAbv·éOÉA Solaris Ì NIS+ hL gðÇñÅT[o¤ÅKvÈìÆðsÁĺ³¢B±Ì¶ÅÍNCA g¤ÅǤ·êÎ梩É¢ĵ©q×ĢܹñI Vµ¢ libc Æ nis-tools ðCXg[µ½çA NIS+ T[oãűÌV½ ÈNCAgpÌMCØ (credential) ð쬵ܷB portmap ª®ìµÄ ¢é±ÆðmF·éæ¤ÉµÄº³¢BÉNCAgÉ·é Linux PC Ì ª NIS+ T[oÆêvµÄ¢é©`FbNµÄº³¢B secure RPC Ìê ÍAMCØÌLøúÔÍ 3 ªµ© èܹñB·×ÄÌzXgÅ xntpd ð ç¹é̪Ǣŵå¤B±êçªmFÅ«½çȺðÀsµÜ·B ¡¢ domainname nisplus.domain. nisinit -c -H ¤£ ±êÉæÁÄ cold X^[gt@Cªú»³êÜ·B¼ÌIvVÉ ¢ÄÍ nisinit Ì}j Ay[WðÇñź³¢BhCl[Íu[ g̽ÑÉÝè³êéæ¤ÉµÄ¨¢Äº³¢B ȽÌlbg[NÌ NIS+ hCl[ªí©çÈ¢êÍAVXe©lbg[NÌÇÒÉqË Äº³¢B É /etc/nsswitch.conf t@CðÏXµÜ·B publickey ɯéT[r XÍ nisplus ¾¯ ("publickey: nisplus") ÅA¼ÌàÌÍ¢ÄÍÈçÈ¢ ±ÆÉӵĺ³¢B É keyserv ðN®µÄº³¢B±êÍu[gÉAK¸ portmap ̼ãÉ N®³êéæ¤ÉµÄ¨¢Äº³¢B±¤µÄ ¡¢ keylogin -r ¤£ Æ·êÎVXeÌ root Ì駮ªÛdzêÜ· (ऱÌVµ¢zXgÌ öJ®Í NIS+ ÌT[oÉÇÁµÜµ½æËH)B niscat passwd.org_dir Æ·êÎA passwd f[^x[XÌ·×ÄÌGg ð©é±ÆªÅ«é͸ŷB ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 8.3. NIS+, keylogin, login ¨æÑ PAM OCµ½Æ«ÉA[UÍ©ªÌ駮ð keyserv ÉZbg·éKvª èÜ·B±êÉÍ keylogin ðp¢Ü·B glibc 2.1 ÆRpC³ê½ê ÉÍA shadow pbP[WÌ login ͱêð[UÌãíèÉÀsµÄêÜ ·B PAM ðF¯·é login ðpÓ·éÉÍA pam_keylogin-1.2.tar.gz ðC Xg[µA /etc/pam.d/login t@CðÏXµÄ pwdb ÌãíèÉ pam& _unix_auth ðg¤æ¤É·éKvª èÜ· (pwdb Í NIS+ ðT|[gµÜ ¹ñ)Báð¦µÜ·B #%PAM-1.0 auth required /lib/security/pam_securetty.so auth required /lib/security/pam_unix2.so set_secrpc auth required /lib/security/pam_nologin.so account required /lib/security/pam_unix2.so password required /lib/security/pam_unix2.so session required /lib/security/pam_unix2.so ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 8.4. nsswitch.conf t@C lbg[NT[rXXCb`Ìt@C /etc/nsswitch.conf ÍAîñÖÌ ANZXvª½Æ«És¤õÌÔðè·éàÌÅ·BzXg¼Ì õÅp¢çêé /etc/host.conf t@CÆĢܷBá¦Î±Ìt@C ɨ¢Ä hosts: files nisplus dns Æwè·êÎAzXg¼Ìõ@\Íܸ[JÌ /etc/hosts t@Cð TµAÉ NIS+A»µÄhCl[T[rX (/etc/resolv.conf Æ named) ƾ¤ÔÅõðs¢Ü·BÅãÜÅ}b`·éà̪ȯêÎG [ªÔ³êé±ÆÉÈèÜ·B NIS+ pÌ /etc/nsswitch.conf t@CÍAȺÌæ¤ÈàÌɵĨ¯ÎÇ ¢Åµå¤B # # /etc/nsswitch.conf # # An example Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # # The entry '[NOTFOUND=return]' means that the search for an # entry should stop if the search in the previous entry turned # up nothing. Note that if the search failed due to some other reason # (like no NIS server responding) then the search continues with the # next entry. # # Legal entries are: # # nisplus Use NIS+ (NIS version 3) # nis Use NIS (NIS version 2), also called YP # dns Use DNS (Domain Name Service) # files Use the local files # db Use the /var/db databases # [NOTFOUND=return] Stop searching if not found so far # passwd: compat group: compat shadow: compat passwd_compat: nisplus group_compat: nisplus shadow_compat: nisplus hosts: nisplus files dns services: nisplus [NOTFOUND=return] files networks: nisplus [NOTFOUND=return] files protocols: nisplus [NOTFOUND=return] files rpc: nisplus [NOTFOUND=return] files ethers: nisplus [NOTFOUND=return] files netmasks: nisplus [NOTFOUND=return] files netgroup: nisplus bootparams: nisplus [NOTFOUND=return] files publickey: nisplus automount: files aliases: nisplus [NOTFOUND=return] files ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 9. NIS T[oÌÝè 9.1. T[ovO ypserv ±Ì¶ÅÍA NIS T[oƵÄÍ "ypserv" ÌÝèû@ÌÝðLµÜ·B NIS T[oÌ\tgÍ鼃 èÜ·B Site and Directory Filename ftp.kernel.org:/pub/linux/utils/net/NIS ypserv-1.3.11.tar.gz http://www.suse.de/~kukuk/nis/ ÉAæèÚµ¢îñª èÜ·B T[oÌZbgAbvû@Í trad-NIS / NYS Ç¿çÌêÅ௶ŷB RpCµÄ ypserv Æ makedbm ðìèÜ·B securenets t@Cðg¤ © tcp_wrapper ðg¤©ðÝèÅ«Ü·B tcp_wrapper Ìûª¸ÁÆ_îÅ ·ªA±êªâèÌ´öÆÈéêà½mçêĢܷB tcp_wrapper ÍÝ èt@CÌ«ûÉæÁÄÍ[[NðN±·±Æà èÜ·Bൠtcp_wrapper ðg¤æ¤É ypserv ðRpCµÄâèªN±Á½êÉÍ A securenets t@Cðp¢éæ¤ÉRpCµÈ¨µÄ¾³¢B ypserv --version Æ·êÎÇ¿çÌo[WðgÁĢ驪©èÜ·B T[oð}X^[ƵÄN®·éêÍA NIS ðp¢Ä¤L³¹ét@Cð ßľ³¢B»µÄ /var/yp/Makefile Ì "all" [ÉKvÈàÌðÁ ¦½èAsvÈàÌðíµ½èµÄ¾³¢Bܽ Makefile ÌæªÌûà K¸©ÄAIvVð©ªÌÂ«É í¹ÄÒWµÄ¨×«Å·B ypserv 1.1 Æ ypserv 1.2 ÆÌÔÅÍAå«ÈÏXªsíêܵ½B 1.2 È ~ÅÍAt@CnhªLbV ³êéæ¤ÉÈÁ½ÌÅ·B±êÉæ èAVµ¢}bv𶬷éÆ«ÉÍK¸ makedbm É -c IvVðÂ¯È ¯êÎÈçÈÈèܵ½B /var/yp/Makefile ª ypserv 1.2 È~Ét®Ì àÌÅ é±ÆðmFµÄº³¢B é¢Í Makefile Ì makedbm ÉAèÅ -c tOðÁ¦Äº³¢B±êðYêéÆAypserv ÍXV³ê½}bvÅÍ ÈAâ}bvðg¢±¯ÄµÜ¢Ü·B É /var/yp/securenets Æ /etc/ypserv.conf ðÒWµÜ·BÚ×Í ypserv (8) Æ ypserv.conf(5) Ì}j Ay[WðÇñź³¢B |[g}bp (rpc.portmap) ª®¢Ä¢é©mFµÄº³¢BmFÅ«½ç ypserv 𮩵ܷB ¡¢ % rpcinfo -u localhost ypserv ¤£ Æ¢¤R}hðÀsµÄÝÄA ¡¢ program 100004 version 1 ready and waiting program 100004 version 2 ready and waiting ¤£ Æoͳêé±ÆðmFµÄº³¢B "version 1" ÌsÍA ypserv Ìo[Wâp¢½ÝèÉæÁÄÍoÈ¢© àµêܹñB±êªKvÉÈéÌÍÌÌ SunOS 4.x ðNCAgƵÄg ¤ê¾¯Å·B ±±Å NIS (YP) f[^ð쬵ܷB}X^[T[oÅȺðÀsµÄº³ ¢B ¡¢ % /usr/lib/yp/ypinit -m ¤£ X[uT[oÅÍA ypwhich -m ª@\·é±ÆðmFµÄº³¢BÂÜè X[uÉ·ézXgÍAܸ NIS NCAgƵĮìūȯêÎÈç È¢ÌÅ·BmFÅ«½çȺðÀsµÄA±ÌzXgð NIS X[uÉµÜ ·B ¡¢ % /usr/lib/yp/ypinit -s masterhost ¤£ ±êŨµÜ¢AT[oÍ®ìµÄ¢é͸ŷB ½©å«Èâ誶¶½çA ypserv â ypbind ðÊÌ xterm ©çfobO [hÅN®µÄÝܵå¤BfobOoͩ罪âèÈÌ©ª»fÅ«éÍ ¸Å·B }bvðXV·éKvª¶¶½êÍA NIS }X^[Ì /var/yp fBNg Å make ðÀsµÄ¾³¢B\[Xt@CªVµ¢êÉÍ}bvªX V³êAX[uT[oÉ push ³êÜ·B}bvÌXVÉÍ ypinit Íp¢ È¢æ¤ÉµÄ¾³¢B uX[uvT[oãÅÍ root Ì crontab ðÒWµAȺÌæ¤ÈsðÇÁ µÄ¨ÆÇ¢©àµêܹñB 20 * * * * /usr/lib/yp/ypxfr_1perhour 40 6 * * * /usr/lib/yp/ypxfr_1perday 55 6,18 * * * /usr/lib/yp/ypxfr_2perday ªê}X^T[oÅÌXVÌÛÉX[uª_EµÄ¢Äf[^ðó¯¹ ÈÁÄàC±êÉæÁÄ NIS }bvðÅVÉÛ±ƪūܷB X[uÍ¢ÂÅàÇÁ·é±ÆªÅ«Ü·BܸVµCXg[µ½X [uT[oª NIS }X^[ÉÚ±·éÂðÁÄ¢é©ðmFµÜµå¤ BÉ ¡¢ % /usr/lib/yp/ypinit -s masterhost ¤£ ðVµ¢X[uÅÀsµÜ·B}X^[T[oÅÍA±ÌVµ¢X[uT [o̼Oð /var/yp/ypservers ÉÇÁµA /var/yp Å make ðÀsµÄ} bvðXVµÜ·B NIS T[oÖÌ[UANZXð§Àµ½¢êÍA NIS T[oÌzXgðN CAgƵÄàÀs·éKvª èÜ·BÂÜè ypbind ðÀsµÄ "+" Ìt¢½GgðpX[ht@C /etc/passwd ̼ÎÉÇÁµÜ·B CuÖÍ NIS GgÈ~Éu©ê½ÊíÌGgðSijµAc èð NIS ðʵÄ澵ܷB±Ìæ¤É·éÆ NIS ÌANZX[ðÇ ·é±ÆªÅ«Ü·Báð¦µÜ·B root:x:0:0:root:/root:/bin/bash daemon:*:1:1:daemon:/usr/sbin: bin:*:2:2:bin:/bin: sys:*:3:3:sys:/dev: sync:*:4:100:sync:/bin:/bin/sync games:*:5:100:games:/usr/games: man:*:6:100:man:/var/catman: lp:*:7:7:lp:/var/spool/lpd: mail:*:8:8:mail:/var/spool/mail: news:*:9:9:news:/var/spool/news: uucp:*:10:50:uucp:/var/spool/uucp: nobody:*:65534:65534:noone at all,,,,:/dev/null: +miquels:::::: +:*:::::/etc/NoShell [ All normal users AFTER this line! ] tester:*:299:10:Just a test account:/tmp: miquels:1234567890123:101:10:Miquel van Smoorenburg:/home/miquels:/bin/zsh ±Ìæ¤É[U "tester" ͶݵܷªAVFª /etc/NoShell ÉÈè Ü·B miquels ÍÊíÌANZX ð±ÆÉÈèÜ·B é¢Í /var/yp/Makefile t@CðÒWµA NIS ªg¤pX[ht@C ðÊÉwè·é±ÆªÅ«Ü·Bå«ÈVXeÅÍANIS ÌpX[ht @CÆO[vt@CÍÊí /var/yp/ypfiles Éu±Æª½¢æ¤Å· B±Ìæ¤É·éÆpX[ht@CÖAÌÇc[Íg¦ÈÈèÜ· BÂÜè passwd, chfn, adduser ÈÇÉεAÁÊÈc[ªKvÉÈèÜ· B µ©µ yppasswd, ypchsh, ypchfn ÍR®ìµÜ·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 9.2. T[ovO yps NIS T[o yps ÌÝèÍOÌZNVðQlɵĺ³¢BåÌĢܷ ª®Sɯ¶ÅÍÈ¢ÌÅA ypserv Ìà¾ðKp·éÛÉÍӵĺ³¢ B yps ÍàÍâNàT|[gµÄ¢Ü¹ñµA¢Â©ZL eBz[à ¶ÝµÄ¢Ü·Bg¤×«ÅÍ èܹñI yps Ì\tgÍȺÌTCgÉ èÜ·B Site and Directory Filename ftp.lysator.liu.se:/pub/ yps-0.21.tar.gz NYS/servers ftp.kernel.org:/pub/linux/ yps-0.21.tar.gz utils/net/NIS ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 9.3. rpc.ypxfrd vO rpc.ypxfrd ÍñíÉå«È NIS }bvð NIS }X^[©ç NIS X[uT [o[É]·éÛÉA]𬻷é½ßÉp¢çêÜ·B NIS X[u T[o[ÍAVµ¢}bvª éÆ¢¤bZ[Wðó¯æéÆA»Ì}bv ðæ¾·é½ßÉ ypxfr ðN®µÜ·B ypxfr Í yp_all() Öðp¢Ä} bvÌàeð}X^[T[o[©çÇÝà¤ÆµÜ·B±ÌîñÍf[^[ x[XCuðʵÄÛ¶³êé½ßA}bvÌTCYªñíÉå«È éÆA±ÌvZXͪ੩Áĵܤ±Æª èÜ·B rpc.ypxfrd T[o[ÍA NIS X[uT[o[É}X^[Ì}bvt@C ðPÉRs[³¹A]vZX𬻵ܷBX[uT[o[ª[ ©ç©OÌ}bv𶬷éÌÉä×A±ê͸ÁÆZÔÅ·ÝÜ·B rpc.ypxfrd Í RPC x[XÌ]vgRðp¢éÌÅAVµ¢}bv𶠬·éKvÍ èܹñB rpc.ypxfrd Í inetd ©çN®·é±ÆàÅ«Ü·ªAN®ÉÍÔª©©é ÌÅA ypserv ÆêÉf[ƵÄN®µÄ¨Ù¤ª¢¢Åµå¤B rpc.ypxfrd Í NIS }X^[T[ož¯N®µÄ¨¯Î OK Å·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 9.4. rpc.yppasswdd vO [UªpX[hðÏXµ½Æ«ÉÍA NIS ÌpX[hf[^x[XâA »êÉ˶µ½¼Ì NIS f[^x[XàÏX³êȯêÎÈêܹñB±êð sȤ̪ rpc.yppasswdd Å·B±ÌvOÍpX[hÏXðæèµ¢ A NIS Ìîñª³µXV³êéæ¤ÉµÜ·B»Ý rpc.yppasswdd Í ypserv ÌêÆÈÁĢܷBÊpbP[WÉÈÁÄ¢é yppasswd-0.9.tar.gz â yppasswd-0.10.tar.gz ÈÇÍâÌÅg¤KvÍ èܹñµAܽ¡ãg¤×«ÅÍ èܹñB ypserv 1.3.2 Ì rpc.yppasswdd Í shadow ð®SÉT|[gµÄ¢Ü·B yppasswd Í yp-tools-2.2.tar.gz ÉüÁĢܷB rpc.yppasswdd ðÀs·éÌÍ NIS }X^[T[oÌÝÅ·BftHgÅÍ A[U[Ítl[âOCVFðÏX·é±ÆªÅ«È¢æ¤ÉÈ ÁĢܷB±êð·éÉÍA»ê¼ê -e chfn ¨æÑ -e chsh IvV ðwèµÜ·B passwd Æ shadow t@Cª /etc ÈOÉ éêÍA -D IvVðwè ·éKvª èÜ·Bá¦ÎSÄÌ\[Xt@Cð /etc/yp Éu¢ÄA[ UÉVFÌÏXðÂ\ɵ½¢êÍA rpc.yppasswdd ðȺÌp[^ ÅÀsµÈ¯êÎÈèܹñ: ¡¢ # rpc.yppasswdd -D /etc/yp -e chsh ¤£ Ü½Í ¡¢ # rpc.yppasswdd -s /etc/yp/shadow -p /etc/yp/passwd -e chsh ¤£ Åà OK Å·B ¼ÉÍÁÉ·é±ÆÍ èܹñB½¾A rpc.yppasswdd ª /var/yp/ Makefile Ư¶t@CðgÁÄ¢é©Ç¤©ÍCð¯Ĩ¢Ä¾³¢B G[Í syslog ðʵÄL^³êÜ·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 10. NIS/NYS CXg[Ì`FbN ·×Ī¤ÜsÁ½çAÈPÈR}hðgÁÄCXg[Ì`FbNð sÁĺ³¢Bá¦ÎpX[ht@Cª NIS/NYS ŤL³êÄ¢éêÍ A ¡¢ % ypcat passwd ¤£ Æ¢¤R}hÅ NIS ÌpX[ht@CÌàeª©çêé͸ŷBܽ ¡¢ % ypmatch userid passwd ¤£ Æ·êÎAwèµ½[UÌGgªpX[ht@C©çæèo³êÄ \¦³êÜ· (userid ÉÍKÈ[UÌOC¼ðüêÜ·)BȨ ypcat â ypmatch ÍA trad-NIS â NYS ÌzzpbP[WÉüÁĢܷB [U[ÉæéOCªÅ«È¢êÉÍAȺÌvOðNCA gÅÀsµÄÝĺ³¢B #include #include #include int main(int argc, char *argv[]) { struct passwd *pwd; if(argc != 2) { fprintf(stderr,"Usage: getwpnam username\n"); exit(1); } pwd=getpwnam(argv[1]); if(pwd != NULL) { printf("name.....: [%s]\n",pwd->pw_name); printf("password.: [%s]\n",pwd->pw_passwd); printf("user id..: [%d]\n", pwd->pw_uid); printf("group id.: [%d]\n",pwd->pw_gid); printf("gecos....: [%s]\n",pwd->pw_gecos); printf("directory: [%s]\n",pwd->pw_dir); printf("shell....: [%s]\n",pwd->pw_shell); } else fprintf(stderr,"User \"%s\" not found!\n",argv[1]); exit(0); } ±ÌvOð[U¼ðp[^ƵÄÀsµÜ·ÆA»Ì[UÉÎ µÄ getpwnam ÖªÔ·îñªSÄ\¦³êÜ·B±êÉæÁÄAÇÌG gªÔáÁĢ驪í©éŵå¤Bæ éÔá¢ÆµÄÍApX[ hÌtB[hª "*" ÉæÁÄ㫳êÄ¢éAÈǪ èÜ·B GNU C Library 2.1 (glibc 2.1) ÉÍ getent Æ¢¤c[ªÂ¢Ä«Ü·B »Ìæ¤ÈVXeÅÍAãLÌãíèɱ¿çðg¢Üµå¤B ¡¢ % getent passwd ¤£ â ¡¢ % getent passwd login ¤£ Ìæ¤ÉµÄÝܵå¤B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 11. ÄN®Ì©®Às NIS ªT[oâNCAgųµÝèÅ«½çA±ÌÝèªN®Éà³ µ½f³êé©ðmFµÈ¯êÎÈèܹñB `FbN·é_Í 2  èÜ·BN®XNvgª é©Ç¤©ÆA NIS h C¼ª³µ¢êÉÛ¶³êÄ¢é©Ç¤©AÅ·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 11.1. NIS pÌN®XNvg ȽÌgÁÄ¢é Linux ÅÌN®XNvgÌuêÉÈÁÄ¢éfBN gð²×ܵå¤B /etc/init.d, /etc/rc.d/init.d, /sbin/init.d ÈÇÉ ÈÁÄ¢éÆv¢Ü·B NIS ÌN®XNvgª é©Ç¤©mFµÜµå¤ Bt@C̼OÍÓ¤ ypbind Æ© ypclient ÆÈÁÄ¢éæ¤Å·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 11.2. NIS hC¼ ¨»ç éíÌlXÉÆÁÄA NIS ðg¤ãÅÌÅåÌïÖÍA NIS h C¼ðÄN®ãÉàæ¾Å«éæ¤É·é±Æŵå¤B Solaris 2.x ÅÍ ANIS hC¼Í ¡¢ /etc/defaultdomain ¤£ É 1 sÅ©êĢܵ½Bµ©µAÙÆñÇÌ Linux fBXgr [V ÅͱÌt@CÍgÁĢȢæ¤Å·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 11.3. fBXgr [VÅLÌbè »ÝÌƱëA¢ë¢ëÈ Linux fBXgr [Vɨ¯é NIS h C¼ÌÛÇêÍAȺÌæ¤ÉÈÁÄ¢éæ¤Å·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 11.3.1. Caldera 2.x Caldera Í /etc/nis.conf t@Cðp¢Ä¢éæ¤Å·B®ÍÊíÌ / etc/yp.conf Ư¶Å·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 11.3.2. Debian Debian Í Sun Ư¶ /etc/defaultdomain ðgÁÄ¢éæ¤Å·B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 11.3.3. Red Hat 6.x, 7.x /etc/sysconfig/network t@CÌ NISDOMAIN Ïð (ȯêÎ쬵Ä) C³µÄ¾³¢B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 11.3.4. SuSE Linux /etc/rc.config t@CÌ YP_DOMAINNAME ÏðC³µÄA SuSEconfig R }hðÀsµÄ¾³¢B ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 12. NIS Å樱éâèÆ»Ìðû@ ȺÌæ¤Èâ誽Ì[U©çñ³êĢܷB 1. o[W 4.5.19 ÌCuÍóêĨè NIS Í®ìµÜ¹ñB 2. Cuð 4.5.19 ©ç 4.5.24 ÉAbvO[h·éÆ su R}h ªg¦ÈÈèÜ·B±ÌêÍ su R}hð Slackware 1.2.0 ©çü èµÜ·B¢ÅÉÅVÌCuà±üµÄµÜ¤ÆǢŵå¤B 3. NIS T[oðÄN®³¹½ÛAypbind ª ¡¢ yp_match: clnt_call: RPC: Unable to receive; errno = Connection refused ¤£ Ìæ¤ÈbZ[Wð\¦µA NIS Ìf[^x[XÉo^³êÄ¢élª OCÅ«ÈÈé±Æª èÜ·B root ÅOCµÄ ypbind ð kill µAypbind ðN®µÈ¨µÄÝĺ³¢B ypbind 3.3 È~ÉAb vf[gµÄàðÅ«éÆv¢Ü·B 4. libc ð 5.4.20 ÈãÌÅÉAbvO[h·éÆA YP tools ª®ìµÈ ÈèÜ·B libc >= 5.4.21 ¨æÑ glibc 2.x ÉÍ yp-tools 1.2 ªK vÅ·B»êÈOÌÅÌ libc ÉÍ yp-clients 2.2 ªKvÅ·B yp-tools 2.x Èç·×ÄÌCuÅ®ìµÜ·B 5. libc 5.4.21-5.4.35 Ì yp_maplist ÍóêĢܷB yp-tools 1.x ðp ¢éÉÍ 5.4.36 È~ªKvÅ·B³à颮 ypwhich ÈÇÌ YP vO Í segfault µÄµÜ¤Í¸Å·B 6. libc5 Æ trad-NIS Í shadow pX[hÌ NIS ÅÌzzðT|[gµÄ ¢Ü¹ñB libc5 + NYS Ü½Í glibc 2.x ðp¢éKvª èÜ·B 7. ypcat shadow doesn't show the shadow map. This is correct, the name of the shadow map is shadow.byname, not shadow. 8. Solaris ÍK¸µàÁ |[gðp¢Ü¹ñB]ÁÄ Solaris ÌNCA gª éêÍpX[h mangling ðp¢ÄÍ¢¯Ü¹ñB ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª 13. æ é¿â (FAQ) Ƚª^âÉvÁÄ¢½±Æͱ±ÜÅÉ媪ð³ê½±ÆÆv¢Ü ·ªAܾ^â_ªcÁĢܵ½çA comp.os.linux.networking ÈÇÉ¿â·éÆÇ¢Æv¢Ü·B óFú{êÌj [XO[vƵÄÍ fj.os.linux japan.comp.linux ÈǪǢŵå¤B óÒÌy[W (http://surf.ap.seikei.ac.jp/~nakano/linux/NIS-j.html) É ÍAÂlIÈCXg[̱Lª¢Ä éÙ©A±Ì¶ÅÐî³êÄ¢ é\tgEFAüèæÌ~[̤¿AàÌàÌðÐîµÄ¢Ü·B