SUMMARY: Help me figure out how NIS+ works...

From: Colin J. Wynne (cwynne@brutus.mts.jhu.edu)
Date: Tue Mar 25 1997 - 16:46:32 CST


-----BEGIN PGP SIGNED MESSAGE-----

Thanks for your patience, everyone. As promised, here is the summary
of basic information about using NIS+ and administrating users.

First off, we have demonstrated that I do not have the so-called
`server' version of Solaris, which means that we never shelled out the
additional ridiculous quantities of money to get Solstice, the
administration package that actually makes NIS+ something less than a
complete pain in the ass.

What this means is that administrating users requires dealing
separately with the NIS+ tables and the /etc/* files on disk. It was
suggested not to bother with physical files and just maintain tables;
until NIS+ proves itself more reliable to me, I am not going to
consider this solution.

Therefore, one uses a program such as `nispasswd' to update his user
information in the NIS+ passwd table, and the `passwd' program to
update /etc/(shadow|passwd). The former will not touch the files, the
latter will not change the NIS+ tables. A user changing a password
must either use passwd followed by chkey -p, or use nispasswd followed
by passwd to get both changed and in agreement. I have found that one
can't go too far wrong by assuming that users can barely figure out
which end of a mouse to click, much less manage to run two (2)
separate Unix (gasp) command line programs to change their passwords,
therefore I consider this setup decidedly less than ideal. It goes
without saying that no matter how many times I explain in person, or
by e-mail, the exact procedure for doing something on the system,
nobody will remember it, or even have saved the message. :-(

Argh. But I digress into my own bitterness.

Anyway, I was helpfully reminded by a few people that nischown'ing the
cred entries for new users is important.

As it is, I have not yet found a convenient, straightforward way to
get new users up and running without wasting a lot of their and my
time wrangling through the password and credential stuff.

Thanks to the following for their responses:

        Asim Zuberi <asim@psa.pencom.com>
        Stephen Harris <sweh@mpn.com>
        Francis Liu <fxl@pulse.itd.uts.edu.au>
        Leonard Sitongia <sitongia@jabba.hao.ucar.edu>
        Cecil Pang <cecil.pang@westel.com>
        Stuart Kendrick <sbk@fhcrc.org>

Several of them mentioned the book ``All About Administering NIS+'' by
Rick Ramsey, SunSoft Press, ISBN 0-13-309576-2.

Finally, one additional comment a few people made was on using
`usermod -f' or `nispasswd -f' to make sure new users have to change
their passwords after they first log in. I tried this, and ended up
with an interesting problem---a user logged in via CDE, never saw the
warning about the password expiring (because it got eaten by the CDE
logs), and then logged out. Of course, the person could not then log
back in, because he had an expired password. Any ideas how to avoid
this situation?

Thanks again for the collective help of the list.

CJW

- --
**********************************************************************
    /\ Colin J. Wynne Johns Hopkins University
   (()) Dep't of Mathematical Sciences
  /____\ ``Lunatic-at-Large'' E-Mail: cwynne@mts.jhu.edu
 /______\
/________\ To err is human, to moo bovine.
**********************************************************************

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: http://www.mts.jhu.edu/~cwynne/

iQCVAwUBMzhVxXEHfObrVHptAQGX3QP/bO0hK1JGNMn9vKBeDfL4XPOWGYdpB3s6
RQ1rbBKIHBwyTUHSN7tLEepOVqHY7RLPG2RJ6DDjjYo1X1kJk3ZSMtJ2YbW4acLt
8xsgfM0NWUoz5Ez9bb9XOukznJNXY2/pkIJ/mszlqZgqFIVVyDBgMTJ6QxqE8Gmw
wxd5fjymef8=
=RLtv
-----END PGP SIGNATURE-----



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:49 CDT