Thanks to all the respondents, listed below. I obtained much help in
understanding how NIS+ works. My questions were answered as follows:
1. Do I need to use security level 2?
Yes. Most thought security levels related to sysadmin operations, and
not to lookups, and anyway there seems to be little point in not
using it.
2. If I add Solaris2 (Sparc) clients (which I trust) how do I configure them
to use security level 1?
N/A, in view of the answer to 1.
3. Must I have an admin group?
Probably yes, but it doesn't need to be populated.
The biggest help was in getting a better understanding of how NIS+ works. For example, running in NIS compatibility mode in support of PCNFS clients, all
lookups reference the NIS+ tables irrespective of what the server's
/etc/nsswitch.conf says.
I got warned about the learning time required to get proficient in NIS+
administration, and it was suggested that for what I want, NISKIT will be
simpler (esp. as I already have experience of NIS). I hear that
there's a new, improved NISKIT to come from Sun later this year (end of June is
the date I've got), so I'll keep my eye on that.
Meantime, I set up the server with NIS+, at security level 2, with an admin
group with one entry (myself), and I find it's running sort-of OK. BTW, following
"Name Services Administration Guide" (Summary, page 23, Fig1-2, Step 17),
'nisaddcred' commands (local and des) failed saying something like
"....uid 1234 not found in passwd file"
although the uid was there OK. I moved on and populated the passwd table, then
tried 'nisaddcred' again, and it worked! (The nsswitch.conf has "files nisplus"
for passwd).
The next problem I've got is how to provide PC users with a password changing
facility. The present PC "passwd" NIS utility works with a NIS server, but
not, it seems, with a NIS+ server in NIS compatibility mode. Our PCNFS Guru
is looking at this, but if anyone has been here before...
Anyway, thanks to....
timh@hardwired.momentum.com.au
"Srinivasa R. Yalavarthy" <srini@concorde.com>
epl@caps.kodak.com (Gene Loriot)
mshon@sunrock.East.Sun.COM (Michael J. Shon )
David.Miner@East.Sun.COM (Dave Miner - SolarNet Engineering)
Jeff Victor <victoj@kellas.Sage.EDU>
---------------------------------------
The original query...
I'm about to set foot in the Solaris2/NIS+ arena. I have a really simple
problem: Serving passwd, host and auto.home look-up to clients running PCNFS.
Trying to keep things as simple as poss., I hope to install Solaris 2.4 on my
server, NIS+ root domain only, using "files" for everything in
/etc/nsswitch.conf.
At first I thought I didn't need NIS+ to do this, not having any NIS+ entries
in /etc/nsswitch.conf, but now I believe I need the daemon running with the
"-Y -B" options.
The questions are:
1. Do I need to use security level 2? Why can't I add LOCAL
credentials for user root and use security level 1. After all,
none of the (PC) clients is going to offer credentials so why do I need
DES so that the server can talk to itself?
2. If I add Solaris2 (Sparc) clients (which I trust) how do I configure them
to use security level 1?
3. Must I have an admin group? Not having tables, the files are looked after
by user root in the normal way.
Thanks in anticipation,
Gordon.
-------------------------------------------------------------------------
Gordon Robertson, Head of Systems, Aberdeen University Computing Centre
Tel +44(0)224 273340
E-Mail : g.robertson@abdn.ac.uk
--------------------------------------------------------------------------