Help with name services

[nitinkgoud]

Hi Guys,
In both NIS and NIS+ passwd and shadow file are on the name service server so l am unable to understand how local authentication.....say i have access to S1 and S2 not to S3 and S4.....and say all these servers have a common name server as N1... How is the access controled?And also is it really controlled?

 

[daFranze]

depending on how you configure user authentification in /etc/nsswitch.conf it is eher local, NIS, NIS+ or other (not sure if Solaris supports LDAP)

Best Regards, Franz
--
UNIX System Manager from Munich, Germany

 

[nitinkgoud]

Hi daFranze,
I know that nsswitch.conf is the gate file.
But say i have NIS+ file.

Consider this scenario User1 has account on Server1 and User2 has account on Server2.Since all the credentials pertaining to users (passwd, shadow etc) is stored on NIS+ server how dose NIS+ stop User1 form logging in to server2 and User2 form logging into Server1? Is it stored in the cred table?

 

[huebs]

It can be done using netgroups and the +/- syntax in /etc/passwd. The /etc/nsswitch.conf looks like this:

passwd:           compat
passwd_compat:    nisplus
group:            files nisplus
...
netgroup:         nisplus

In /etc/passwd you can include or exclude netgroups with +/-

root:x:0:1:Super-User:/:/sbin/sh
...
+@netgroup1::::::
+@netgroup2::::::
-@netgroup3::::::

Are you exploring an existing system or are you trying to setup this authentication now?

Greetings from Leipzig,
Huebs
===

 

[nitinkgoud]

Just exploring........
Thanks a lot for your time.
Right now i am not in a position to understand about netgroups.
Any help will be greately appreciated.
Thanks again.